cybersecurity in the medical field
Cybersecurity

Network connectivity and cybersecurity in the medical field

Marty Tatro
by March 1, 2022

How are medical professionals using technology to communicate?

In the medical field, it is of the highest importance that professionals be able to communicate both freely and securely with each other and their patients and families. Doctors and specialists must gather the information that will help them give a proper diagnosis, communicate that prognosis to the patients and their loved ones, and communicate within the practice or organization to ensure that appropriate methods of treatment are given. Until the advent of computing systems that could be used in the workplace, this was done by phone, telegraph, physical means such as letters and medical charts, and other methods. Today, doctors can email or even video conference with their peers, patients, pharmacies, and more. Magnetic Resonance Imaging (MRI), Computed Tomography (CT) scans, and other types of lab results can be transmitted via email directly to those who need them for further evaluation. Medical sensors and systems are linked to computers for control and record-keeping, and those computers are available to nursing and medical staff within the organization.Each of these systems, sensors, computing devices, scanners, and other devices are connected to networks both internally and externally that allow the information to be collected and used by anyone that has access. With all these items connected, laws and regulations have been enacted to ensure the privacy and security of patient information are managed by those accessing it. But, even with protections and controls, these systems are still vulnerable to attack from threat actors.


What are some of the ways healthcare information has come under attack?

With more accessible communications and networking comes vulnerabilities that others are willing to exploit for many reasons. The value of health information is limited only by the imagination of those accessing it without permission. Health information can be used to fool patients and providers into purchasing products and services that are not needed or that don’t even exist. Healthcare insurance fraud is dangerous but exceptionally profitable. A quick call to an unwary patient can divulge personal information related to Social Security, bank accounts, addresses, family and loved one’s information, etc.Recently, a series of vulnerabilities were disclosed that allow the remote control of pneumatic tube systems (PTS) used to move messages, medicine, and lab samples within a medical facility (Tatro). This type of vulnerability could cause medical professionals to lose access to needed information or shut down a facility entirely for a while if there are no methods in place to mitigate the problems caused.
In the end, these types of vulnerabilities can wreak havoc on an organization, patients and their families, as well as medical professionals if not correctly dealt with promptly. 


How do I protect the connections inside and outside my organization? 

Connecting all of the medically needed communications and data storage technologies that we use today is much the same as those methods used by other industries and organizations. Ensuring that the systems you use daily are appropriate to the work you do, well maintained, protected, and that the data accessed or stored is also up-to-date and protected is the first step. Using connections that work well, but don’t expose your data needlessly, is another target to work toward attaining.
Some things to think about when connecting data technologies:

  • Are your technologies capable of working together without creating vulnerabilities?
  • Will your systems allow access only to those who need to use them, and can they be used to access information that isn’t necessary to the work done on them?
  • When medical data moves from one location to another, is it encrypted? Is it moving along an encrypted pathway?
  • Does your organization have ways to deal with breaches if and when they occur? Could you recover from, say, a ransomware attack?
  • Is data stored properly when not used, and is it destroyed when it is no longer needed?

While the list above is limited, it is an excellent place to start when you consider the security of your patient information. Placing data security, with appropriate accessibility considerations, at the top of your ‘to-do’ list is an essential part of what your organization needs to ensure business continuity and patient safety.

Northstarr recommendations:

When you begin to consider your organization’s needs as it pertains to cybersecurity, look to Northstarr System Solutions, Ltd. to assist you in the endeavor. We can provide you with the expertise and knowledge required to ensure the best, most secure work environment possible. Don’t let a lack of security halt your ability to provide effective and timely medical assistance to your patients!

You May Also Enjoy These Articles: