Health Checks for Healthcare Security Apps
29 April 2020
The healthcare sector is amongst the most heavily regulated in the world, and for good reason. From medical devices and diagnostic tools to best practices and procedures, there are strict national and international guidelines for everything. As patients, we trust the healthcare industry and its practitioners to do everything in their power to look after our physical wellbeing, but do we ever stop to think about what's being done to protect our online wellbeing? Is the healthcare industry as diligent when it comes to protecting patient data and information in the digital space?
For the most part, the answer is no. Studies and research have shown us that up to 50% of the applications used by healthcare institutions and organisations can be classified as 'always vulnerable'. With data breaches and widespread leaks of sensitive patient information, which can often lead to high-profile lawsuits as well as a loss of revenue and reputation, it's never been more important for the healthcare industry to put as much effort into safeguarding a patient's information as it does their life. Let's take a look at two of the most common healthcare security issues facing the industry today.
Data Leaks & Patient Personal Information Theft
The medical industry is up there with the slowest adopters of data protection measures and practices, especially when it comes to cryptography. Data leakage and digital information theft are rife. One of the reasons for this may be that patient data (for example test results or prescriptions) often needs to be shared in real time with any number of third parties to help keep the lifecycle of care moving at a life-saving pace. However, this can lead to a lack of forethought and preparation in how information and information software are leveraged to protect patient records and data.
Very often, doors are left open by weaknesses such as SQL injection, firewall misconfigurations, cross-site scripting, or LDAP injection, leaving records exposed and up for grabs for any number of harmful deeds. The most worrying part in all this is the potential scale of the problem. Everyone, at some time in their life, will visit a hospital or a GP. When the data set vulnerable to a potential leak covers everyone, there is cause for concern.
Attacks on Medical Software & Tools
As next-gen tech becomes more prominent in everyday healthcare, the risks to patients grow in severity too. It goes without saying that when patient records can be accessed, they can be altered with malicious intent. Untold havoc can be wreaked. But there are also huge risks outside the realm of data. We are of course talking about biomedical devices.
Biomedical devices are really coming into their own as an industry. Every day more and more people receive life-saving treatment from wearable or implantable devices. Unfortunately, like any other kind of device or software, they too can be hacked. As recently as 2019, reports of vulnerabilities in pacemakers warned of the potential of hackers to manipulate the memory within these devices to extract patient information or, more worryingly, modify their function, perhaps to cease function or even deliver a shock to the patient. This becomes possible when communications made by biomedical devices aren't properly encrypted.
While it's vital to note that hackers can't simply perform these attacks remotely and do need to be in quite close quarters with a patient, the attacks are still possible.
The Solution? Do What the Healthcare Industry Does Best
It's completely understandable that when a patient walks through the doors of a hospital or a general practitioner's office, the first thing medical staff are going to think about is how to treat this person to the best of their ability. But it's time that we start including a patient's online and digital safety in that process. How do we do that? We do what the medical industry has excelled at doing for hundreds of years: we run tests. By running penetration tests on hospital and medical software, administration systems, and even biomedical devices, we can completely revolutionise the industry and help protect patients in the process.