Designing a cyber secure healthcare environment

While Covid-19 has been putting severe strain on the frontline medical staff, hospitals and medical centers have found themselves stuck in a vulnerable spot. Holding a large amount of sensitive and confidential data, hospitals become prey for attacks by cybercriminals, who show no sign of mercy but double down their ransomware attacks during the pandemic. 

Image by Mount Sinai via www.mountsinai.org/

Cyber threats on the rise

One example of such cybercriminals is the ransomware group "FIN12", which has been identified by American cybersecurity firm Mandiant for causing 20% of the cyber security activities in 2021. The Russian-speaking hacker group is notorious for targeting the healthcare industry and siphoning tens and millions of dollars off high-earning victim corporations each month.

In Asia, cyberattacks have also been very rampant. Since 2020, the Cybersecurity Agency of Singapore has noticed a surge in ransomware incidents, online scams, and Covid-19-related phishing activities. Recently, private healthcare group Fullerton Health Singapore suffered from cyberattacks in which sensitive personal details of 400,000 people were unfortunately leaked and sold. This included customers' names, family profiles, medical history, identity card number, insurance policy, and bank account details.

Image by Mount Sinai via www.mountsinai.org/

Why are healthcare organizations vulnerable to cyberattacks?

Healthcare organizations become easy targets of cyberattacks because of the rich source of confidential information they store and their cybersecurity loopholes. Healthcare organizations handle a lot of confidential information on a daily basis. To the hacker, selling personal information online is lucrative, so they take advantage of existing cybersecurity loopholes to earn a fortune.

A hacker could use a single medical device as an entry point to access a wider medical network. While connectivity enhances the exchange of information within an institution, it is also a double-edged sword for compromising patients' privacy.

The lack of investment in cybersecurity technologies also exposes healthcare organizations to increased risks of cyberattacks. It is reported that healthcare organizations spend only 5% of their IT budget on cybersecurity, which perhaps explains why institutions lack the necessary tools to guard themselves against ransomware attacks.

Image by Mount Sinai via www.mountsinai.org/

Hospital designs that help protect privacy

Healthcare organizations may consider carrying out digital and physical preventive measures to maintain smooth daily operations and high-quality service. On the one hand, healthcare organizations may invest in up-to-date backup and recovery solutions to prevent data theft.

On the other hand, health organizations could make use of thoughtful hospital designs to create a healing space that respects patients' privacy from the moment they arrive to the moment they leave. Install privacy glasses in places where patients' information is handled, such as the reception area. Improve wayfinding with the use of different colors. For example, use brighter colors to draw guests to community spaces and more subtle shades like pale blue, plain white, and grey-green for doors leading to personnel-only areas. Establish effective access control systems to determine who is allowed in a particular area. Lastly, adopt a flexible design approach to create multifunctional spaces with adjustable shelving or movable features. Such features help meet the changing technological needs in the future when the hospital calls for extra space for IT storage or infrastructure.

Questions and Answers

Q1: Why does ransomware target hospitals?

Hospitals are targeted by ransomware easily because of the rich source of confidential information they store and their cybersecurity loopholes. Hackers take advantage of this weakness to make money by selling personal information online.

Q2: How does ransomware affect healthcare?

Ransomware affects healthcare through private information leaks, which significantly harms the trust between the hospital and the patient. Sometimes, more severe breaches could even affect the daily operation of hospitals.