Cybersecurity mechanisms in Healthcare IT
Healthcare, like many other industries, is becoming more efficient in delivering clinical results and more cost-effective through the use of Information Technology (IT), including computers, applications, electronic networks and related technologies. However, the use of these technologies and the increasing exchange of health information among health providers also pose a privacy and security risk to personal information and personal health information. Health information that is disclosed to unauthorised individuals, accessed incorrectly, tampered with, or lost could have a devastating impact on patient health or even life.
Technologies developed in recent years, such as telemedicine, home care systems, remote monitoring, wearables, and big and smart data, are some noteworthy examples of technologies that will be relevant to ensuring the quality and sustainability of future healthcare models. In such environments, resilience of healthcare systems and the full patient ecosystem is a crucial need. In this evolving environment, where cyber-attacks are threatening and jeopardising the aforementioned services, healthcare providers need to reckon with the above challenges and work towards mitigating the potential threats by making sure that the following aspects are well addressed:
- Healthcare services' resiliency against cyber-attacks;
- Prevention against data leakage and loss of patient data and identity theft;
- Real-time security and dependability monitoring;
- Skills improvement, both technical and behavioural, of the personnel via innovative training techniques (the awareness level in cybersecurity aspects for all levels of healthcare personnel, e.g., nurses, technicians, administrative personnel and doctors, is an important aspect; the user is most often the weakest link when a target is attacked);
- System availability and business continuity;
- Security mechanisms to achieve automatic recovery from a cyber-attack in the shortest time possible;
- Data security and integrity;
- Transparency of data usage;
- Harmonisation of services and problems with both roles in the hospitals and harmonising laws among different countries (especially in Europe);
- Include security and privacy by design in the evolution of hospital services;
- When new devices or systems are implemented, cyber security aspects should be taken into consideration beforehand.
SPHINX is projected to introduce a Holistic Cybersecurity Toolkit that can be universally applied in Healthcare Organisations to provide near-real-time vulnerability assessment and proactively mitigate cybersecurity threats, known or unknown, posed by devices and services within a corporate ecosystem. The Project's goal is to enhance the cyber protection of Health IT Ecosystems and ensure patient data privacy and integrity. SPHINX will provide an automated zero-touch device and service verification toolkit that can be easily adapted to or embedded in existing medical, clinical or health infrastructures, while the user will be able to choose from a number of available security services through the SPHINX cyber security toolkit.
More information about the cybersecurity mechanisms can be found in Deliverable 1.5 that is publicly available here.