
Healthcare Securities in an Expanding Digital Landscape: Managing Risks

Healthcare security experts at HIMSS23 discussed the importance of robust device security and managing third-party risks in the healthcare sector.

Healthcare Risks Reduction in a Growing Interconnected World (HIMSS23)

In the rapidly evolving landscape of healthcare, cybersecurity is a growing concern, particularly with the increasing number of connected devices and the need for robust prevention and response plans.

The Rise of Connected Devices

The healthcare sector is embracing Internet of Things (IoT) technology, incorporating smart beds, electrocardiograms, thermometers, and smart medication dispensers into its operations[2]. This increased connectivity, however, presents a larger attack surface for cyber threats.

Addressing Potential Risks

With more connected devices come more entry points for hackers, making it crucial for healthcare organizations to secure these devices effectively. Best practices include multifactor authentication, regular software updates, offline backups, and staff training on phishing detection[4].

Shaping Response Strategies

Healthcare organizations must be prepared to swiftly address security incidents. Comprehensive incident response plans should include protocols for containing breaches, notifying affected parties, and restoring operations[2]. The proposed Healthcare Cybersecurity Act of 2025 aims to enhance coordination between federal agencies and healthcare providers, providing resources like threat intelligence and cybersecurity tools without imposing new regulations[1].

Collaboration and Innovation

Efforts are underway to improve collaboration between healthcare providers and federal agencies like CISA to share threat intelligence and enhance cybersecurity capabilities[1]. Technological innovation, such as AI, can help improve patient outcomes and enhance cybersecurity by monitoring and analyzing data for potential threats[2].

Current Scenario in Major Healthcare Organizations

  • UNC Health CISO Dee Young manages about 350,000 connected devices at any one time, with about 35,000 to 40,000 being medical devices[5].
  • Keith Whitby, IT division chair for healthcare technology management at Mayo Clinic, supports over 130,000 medical devices and systems, valued at over $2.5 billion[6].
  • Cleveland Clinic CISO Vugar Zeynalov anticipates continued growth in adding or continuing vendor relationships in the coming years[7].
  • Intermountain Health CISO Erik Decker emphasizes that the healthcare ecosystem has expanded beyond the traditional hospital or health system boundaries[8].

Addressing Third-Party Risks

Third-party risk assessment in healthcare is currently disjointed, according to ChristianaCare CISO Anahi Santiago[9]. Collaboration is necessary for effective enterprise risk management, as highlighted by Donald Lodge, compliance officer at Advocate Health[10].

The Need for Prevention and Response Plans

Despite the efforts to improve cybersecurity, only 51% of security professionals say their organization has a prevention and response plan for a medical device cybersecurity attack[11]. The Software Bill of Materials has been identified as a useful tool for providing more information about what's baked into a device[12].

Conclusion

As the healthcare sector becomes more interconnected, the risks of cyber threats also increase. However, ongoing efforts are being made to strengthen prevention and response measures through regulatory support, technological innovation, and collaboration. These efforts aim to protect the sensitive data of millions of patients and ensure the continued success of the healthcare industry.

[1] Healthcare Cybersecurity Act of 2025
[2] Healthcare Cybersecurity: Protecting America's Patients
[3] Data Breaches in the Healthcare Industry
[4] Healthcare Cybersecurity Best Practices
[5] UNC Health's Cybersecurity Efforts
[6] Mayo Clinic's IT Division for Healthcare Technology Management
[7] Cleveland Clinic's Cybersecurity Priorities
[8] Intermountain Health's Cybersecurity Initiatives
[9] ChristianaCare's Approach to Third-Party Risk Assessment
[10] Advocate Health's Collaborative Approach to Enterprise Risk Management
[11] Medical Device Cybersecurity Preparedness
[12] Software Bill of Materials: Enhancing Transparency in Healthcare Devices

  1. The increasing use of smart devices in health and wellness, such as smart beds and smart medication dispensers, underscores the need for advances in science, particularly in cybersecurity, to ensure the secure handling of data on medical conditions in the rapidly evolving healthcare landscape.
  2. In the ongoing effort to improve health and wellness, collaboration between healthcare providers, federal agencies like CISA, and technology innovators is crucial to enhance cybersecurity capabilities and protect sensitive health data from potential threats.
