21/08/2017 05:42 AST
A lack of proper cybersecurity training is making Gulf hospitals and medical providers among the most vulnerable targets for “catastrophic” attacks by hackers who have more than one way to breach their defenses, experts have warned.
The IT framework of health care facilities has also created challenges in building an effective cyber-safeguard, according to information security leaders who say health chiefs must adopt a “360-degree view” of cybersecurity to block “bad actors.”
The ramifications of hackers invading the health sector were illustrated in May, when the global WannaCry ransomware attack crippled the UK’s National Health Service (NHS), causing IT shutdowns at hospitals and GP surgeries.
Experts say health care organizations are potentially disadvantaged because they fear threat-detecting measures could impair how medical staff do their vital jobs.
Despite the measures introduced by countries such as the UAE to ensure health care facilities have rigorous security networks and data protection procedures, Amir Kolahzadeh, CEO of Dubai-based cybersecurity firm ITSEC, said there is no room for complacency because cybercriminals are not restricted to conventional hacking.
“In the context of one-dimensional security, medical companies and hospitals in the UAE and the region are well-protected,” he said.
“But as cybersecurity becomes more complex to defend against, we have to adopt a 360-degree, multidimensional view. The lack of understanding of social engineering, social media safety, and proper cybersecurity and patient privacy training for medical and administration staff places these organizations in a higher-risk category.”
Kolahzadeh said cybercriminals are no longer hacking into systems via the Internet, but using phones, obtaining information through visits, and impersonating third-party vendors or clients to target a facility and gain access to data that could compromise its network.
“Traditional network firewalls are just a small factor in the complex cybersecurity equation, and the health care industry must have a holistic view of security to win this particular cyberwar,” he said.
Greater network connectivity within the health sector through the Internet of Things (IoT) has been cited as a particularly vulnerable spot for hackers to exploit.
“The fallout from hospitals and medical companies not having adequate cybersecurity provision in place is potentially catastrophic, as major attacks and compromises can cost lives if a hacker remotely takes control of power, cooling systems or medical devices,” said Kolahzadeh
“It’s not just a case of data leaks or medical records being stolen, which is why health care facilities must think outside the box on cybersecurity.”
Scott Manson, cybersecurity lead in the Middle East and North Africa (MENA) for technology giant Cisco, said health care organizations prefer to flow data through a single network and use “logical segmentation” to separate different types of network traffic.
But he warned: “If this segmentation isn’t done properly, the risk of attackers gaining access to critical data or devices increases.”
He added: “Globally, ransomware attacks have already done damage to health care organizations. They’re an attractive target for online criminals who know health care providers need to protect patient safety at all costs. In health care, most decisions about security are driven by patient safety, outside of regulatory requirements and the protection of corporate assets.
“Leaders of health care organizations fear attacks that could take down mission-critical equipment, endangering patients’ lives. They’re also concerned that security measures designed to monitor online traffic and detect threats can slow down the flow of data in critical systems, undermining medical professionals’ ability to diagnose and treat patients.”
Experts say des
Arab News
Please wait...
