Cyber-awareness in Healthcare

Wendy Kennedy – CTO - UltraLinq Healthcare Solutions Ltd

In response to the recent WannaCry Ransomware incident the question regarding ways to stay on top of similar risks has been at the forefront.

In brief, I believe that technology companies in the healthcare realm need to continue to follow the guidelines set by the US, UK and the EU for software security. The FDA in the US has recently sent out a list of recommendations on cyber security which we will analyse and integrate into our Quality Management System. Continuous software update protocols should be in place as and when new versions become available to ensure the most up to date security releases. For cloud structure software solutions, each software release needs to go through a risk assessment before starting the design phase. Protocols specific to cyber security threats will require continual review. As a company our first line of defence is to design security in from the start. Participation in Information Sharing and Analysis Centres (ISAC’s) in turn will give valuable information from government and private sector on current or potential threats. When it comes to cyber security there is great value in sharing knowledge from trusted resources.

What could the healthcare industry do to avoid or at least minimise future attacks?

  • Updated patches constitute 75% of the fix. This is even more critical when using Windows , which is a prime target for hackers.
  • For Cloud-based Apps, keep computers updated on all OS security patches no matter which OS you use.
  • Strong and enforceable password protocols.
  • Train all staff how to spot phishing emails and phone calls - Hackers are not beyond trying any tactics they can to find a way into your system.
  • Ensure that employees security access matches their roles and responsibilities within your organization – How do we stop this? Top down enforcement, management must place value on security.

The above tasks my take more resources than anticipated. Planning, budgeting and prioritizing security is key for any organization to handle future cyber security threats.

Looking ahead, Cyber Hygiene is a must. Be proactive, take ownership of potential threats, be watchful and diligent. Remember it is not just traditional computer systems that are vulnerable. Any device connected to a network is susceptible.

Penetration testing, what and why?

Penetration testing is a tool used to test security from outside threats. A third party is normally called in to “hack” a product’s systems. It normally consists of automated scripting against the product along with someone physically trying to find doors into the network. Social techniques may also be employed. Someone will pretend to be a client/patient and try to reset a password and once done will have a way into your system.

Why is this important? You will never really know how good your security protocols are until you have someone try to breach your system. Better to have the good guys do it first.

Dennis Wait – Operational Director (UK/EU) – UltraLinq Healthcare Solutions Ltd

The appeal of SaaS solutions will become increasingly attractive in the healthcare sector. Pure cloud solutions such as UltraLinq allow for regular central software and security updates, avoiding organisation wide delays in implementing security infrastructure. UltraLinq develops innovative solutions for global healthcare with a focus on medical image management, low cost, point of care medical devices, and advanced data analytics, and since cyber-attacks are not localised, we therefor plan our security around this dispersed threat.

The NHS, UK and EU healthcare need to become better informed (at all levels), about the options and solutions available to address current and future challenges. As with most innovative or disruptive technologies this will initially require a top-down approach. Visionary executives are needed to push and drive the digital transformation. The cloud in healthcare brings about significant cost savings, as has already been proven at enterprise level.

Large organisations such as the NHS will reluctantly start using cloud solutions followed by exponential growth, with training for these new technologies of critical importance. Only through a “Critical mass” in cloud fluency rather than “Increasing momentum” could an organisation launch and sustain such a transition to a “Cloud First” approach as proposed by government.

Five points to consider to future proof patient centred image management solutions.

  • Security and Cyber awareness – regular penetration testing alongside pro-active third party improvement of data security where applicable
  • Implementation of immediate tactical fixes, leading to continuous transformation to deliver real business benefits.
  • Agile techniques and technologies – allowing for rapid assessments and analysis
  • Flexible audit capabilities –adding to future requirements, big data analysis, deep learning and neural network development
  • Credentialing and applicability – Ensure solution is continually fit for purpose.

UltraLinq Healthcare Solutions Ltd
Building 1
Chalfont Park
Gerrards Cross

020 38841744