Aged care and healthcare organisations are easy targets and very attractive for cybercriminals, creating an urgent need for these organisations to protect themselves, their staff members, their residents and patients. Visibility and control of all devices connected to the network, updating systems, and segmentation of the network itself are three ways these industries can protect themselves in a time when attacks are on the rise.
How COVID effected digital technology within the healthcare system
COVID-19 has put immense pressure on the healthcare system, leading to rapid digital technology adoption to maintain continuity and productivity across the board. This reliance on new technologies and increased connectivity has resulted in an incline in the number and severity of vulnerabilities in medical devices and cyberattacks within hospitals. These devices are crucial part of the day-to-day runnings within the healthcare sector and must be effectively secured. In many organisations, a significant number of out-of-date devices are connected to a central corporate network, creating vulnerabilities that cybercriminals can exploit. These devices include laptops, tablets, and smartphones which aren’t held to the same standard of security checks as corporate-owned devices, and might have already been compromised prior to joining the network. Most organisations have limited if any visibility into these devices, and can’t manage them centrally to ensure they’ve been patched to be protected against the latest exploits.
On the positive side for the aged care sector, COVID-19 has forced digitalisation to accelerate, moving the industry closer towards the new era of aged care, known as Aged Care 2.0. The long-term benefits of Aged Care 2.0 will be significant. However, in the short-term, it’s crucial to address security issues so that organisations can reap these benefits safely.
For example, while cloud adoption increases the visibility and control of connected devices, it can also increase the attack surface, giving cybercriminals a gateway to exploit vulnerabilities. Additionally, many aged care facilities rely on multiple siloed systems that each deliver certain functions of care, as well as a combination of cloud and legacy operating systems (OS). This complexity, along with the mission-critical nature of these devices, means health and aged care organisations don’t tend to have time to apply updates and patches. Updating the OS can plug security gaps but, when that doesn’t happen, out-of-date devices can sit unmonitored on corporate networks, creating a risk of old vulnerabilities being exploited.
Medical devices running legacy OS and firmware require costly updates that can potentially cause downtime that is not acceptable for critical-care systems. Some legacy applications just simply aren’t compatible with more recent versions of an OS and must be run as-is, using additional controls to provide security.
Full transparency and centralised control of all devices on a network is a key way that organisations can protect themselves at this point in time.
Protection and prevention can only come from having a holistic view of all connected devices, what OS they are running, and what they are doing on the network.
In order to achieve this, healthcare and aged care organisations must implement procedures to monitor corporate networks using tools that detect anomalies which could cause disruption in operations and endanger patients. Additionally, connected networks and devices must be segmented where appropriate in order to protect access to critical information and various services.
Healthcare facilities can reduce their risk in segmenting the network via the following four ways:
1. Improved security: isolating network traffic to prevent access between network segments.
2. Controlling access: only allowing users to access specific network resources.
3. Better containment: reducing the impact of a compromise to a smaller area.
4. Identify suspicious and unusual behaviour: preventing future attacks by logging events and monitoring internal connections to detect suspicious behaviour.
The disruption caused by COVID-19 has accelerated the movement towards Aged Care 2.0, as Australian healthcare and aged care providers seek the visibility and flexibility needed to manage future disruptions. They need to implement tools that provide full visibility and control of the network, let them centrally manage the latest updates to neutralise vulnerabilities, and segment the network to mitigate risk. Organisations that do this successfully will be able to move forward into the digital era with confidence and more peace of mind.