Health IT: The New Frontier of Cyberwar

In a new blog, Dr Saif Abed, Founding Partner of AbedGraham, argues that the WannaCry cyber-attack from May 2017 is only 'the tip of the iceberg as far as risk goes' in healthcare.

By
Dr Saif
Abed

Whether you want to believe it or not, healthcare is now the new frontier for an era of cyberwar where petty opportunists, organised crime and nation-states are all adversaries we have to prepare for.

As we’re at the anniversary of the WannaCry attack it’s a good time to reflect about the threats we face and how we’re coping with the increasing onslaught that healthcare providers and health IT suppliers are facing. From my perspective, my view has only hardened that WannaCry is the tip of the iceberg as far as risk goes. The attack opened our eyes but in part also risked causing us to become myopic.

Ransomware after all is only one way to cause chaos.

Typically, in the world of cybersecurity we talk about the world of C-I-A when it comes to types of harm, that is confidentiality, integrity and availability. Ransomware is a great example of what happens when systems and information become unavailable. It causes chaos and places our systems at a standstill, at least temporarily, but in most cases clinicians can make sure their patients are stable and stay out of harm’s way. There are of course exceptions but, in the end, we cope and can minimise harm.

Integrity is a different beast altogether though. I’ve been sharing a few case studies over the past few months including when I spoke at HIMSS in Las Vegas in March emphasising the devastation that can be caused by integrity-based attacks.

Imagine being a CIO or CCIO and getting a call asking for a ransom but instead of shutting down systems instead the attackers says they’ve started mixing patient medications for the last couple of hours? Or lab results? Or medical images? What if they’ve simply reset Early Warning Systems to report normal for all patients? Harm is potentially starting to happen and no-one knows it yet because it’s trust based. A pseudo-state of “Business as Usual” doesn’t have to be apparent chaos, it can be insidious and that’s the new frontier we have to prepare for. Not just technologically but in terms of people and processes.

Make no mistake about it, we’re already at war in healthcare. It just happens to be a cyberwar.

The UK e-Health Week conference, taking place at Olympia in London on 15 - 16 May, organised by HIMSS UK, will host several masterclasses around Artificial Intelligence (AI), design thinking and cybersecurity, and you can register here to secure your place. 

HIMSS UK is the parent company of BJ-HC.

Related content:

DHSC inks deal with Microsoft amid increasing cyber concerns 

Dr Saif Abed

Founding Partner of AbedGraham

Related News

Learning from Global Digital Exemplars: Blueprinting for digital transformation

Rachel Dunscombe, Director of Digital for Salford Royal Group and Afzal Chaudhry, CCIO of CUH, discuss the challenges in becoming a GDE on HIMSS TV

'Analytics is more actionable in healthcare,' says Director of Data Science at NHS Digital

The Director of Data Science at NHS Digital, Daniel Ray, tells HIMSS TV that analytics are now more actionable than ever before

Learning from NatGeo: Meeting the cultural challenges tied to digital transformation

Dr Charles Alessi, HIMSS International CCO, interviews Marcus East, National Geographic Chief Technology Officer, for HIMSS TV at UK e-Health Week