When you think about public health, you might first think about viruses, plagues, pandemics, and the like. Given the chaos stirred up by COVID-19, folks the world over have good reason to fret about viruses. However, cybersecurity is quickly emerging as a public health issue, and it could have an immense impact on the well-being of communities across the world.
For one, hospitals and healthcare organizations are favorite targets for hackers and criminal groups. Why? Among other things, hospitals often use a lot of sensitive data, and hackers typically prioritize sensitive data as it’s often more valuable. Once a hacker has sensitive data, they can sell it to interested parties, say other criminals or foreign governments. They can also hold the data hostage, threatening to release or destroy it if a ransom isn’t paid.
Further, cybercriminals often target critical infrastructure. If they can shut down such infrastructure, the criminals will have a lot of leverage, which they can use to demand ransom or to secure other benefits. If a hacker group knocks a hospital offline, it could lead to serious injuries and even death. The high risks mean that many healthcare organizations, and other organizations handling other critical pieces of infrastructure, are under immense pressure to pay ransoms. This makes them the perfect target for criminals. This also means cybersecurity must be a priority.
Table of Contents
Why We Should View Cybercrime as a Potential Public Health Problem
Public health is generally used to refer to efforts that focus on improving the health of communities as a whole. Let’s say a beach town takes out commercial time on local radio stations to warn people to use sunscreen while outdoors. This is an example of a simple public health measure. If government officials can encourage people to wear sunscreen, those individuals may be less likely to suffer sunburns, skin cancers, and other health issues.
On the other hand, if a patient is visiting a doctor, who then recommends the patient use sunscreen, this isn’t public health. Of course, wearing sunscreen is still important for an individual’s personal health. The difference here, however, is scale, and public health is typically performed at the community level, not individual.
Public health efforts often focus on using and establishing an infrastructure that promotes good health. One of the earliest public health measures ever undertaken was when Dr. John Snow removed a pump handle on Broad Street in London. Dr. Snow found evidence that water from the pump was causing a cholera outbreak. By simply removing the well pump handle, he was able to greatly reduce the disease’s spread all the way back in 1854.
This brings us back to hospitals and healthcare systems. These systems are crucial to the communities they operate in and serve. Disruptions to healthcare services, or rising healthcare costs as attacks erode the hospital’s financial position, could all have a large and widespread impact on the community.
Unfortunately, cybercriminals are attacking hospitals, and in some cases, have even disrupted services. Ambulances have had to be rerouted and surgeries relocated due to cyberattacks, for example. In other words, cybersecurity attacks can have a major impact on a community’s health. This, in turn, could affect health outcomes for individuals. In that sense, it’s possible to view cybersecurity as a public health issue.
A Quick Look at the State of Healthcare and Cybersecurity
The good news is, hospitals, software developers, security experts, public officials, and other relevant stakeholders are working to address security gaps and concerns. In many countries, healthcare patients and their data are protected by various government laws. In many cases, these laws have played a role in cybersecurity, even if sometimes indirectly.
For example, in the United States, the Health Insurance Portability and Accountability Act (HIPAA) institutes relatively strong stipulations for protecting patients and their confidential data. This, in turn, has long encouraged hospitals and other organizations to adopt rather stringent policies when storing and handling data. Many organizations also already have a culture in place that prioritizes protecting patients and their confidential info.
A proactive culture and stringent data policies can help ward off cybersecurity risks, thus protecting patients and communities. Still, cyberattacks are on the rise and it’s important to remain diligent.
How Cyber Criminals Can Prove Bad for a Patient’s Health
Consider that even a short power outage could cause crucial medical devices to shut off. Someone who is depending on a ventilator may not survive even if the machine is knocked out for only a minute or two. Fortunately, hospitals often have backup power systems. Thus, even if a storm knocks out power, the lights can stay on.
With criminal hackers, however, if they can knock off the main power system to a hospital, they may also be able to take down backup systems. Or a criminal could skip the power altogether and could threaten to shut down medical devices with other means, such as malicious computer viruses.
Cyberattacks on hospitals are a modern problem and thus the track record is a bit short. Researchers are still examining how cyberattacks directly on hospitals can affect patient health. That said, some of the early evidence so far uncovered is very worrisome.
Research so far indicates that roughly a quarter of hospitals saw mortality rates rise after a cyber security attack. This increased mortality could be due directly to disruptions in care. Cyberattacks could also be affecting nurses, doctors, and other staff members mentally, which could lead to decreased performance.
This may worsen health outcomes for patients and could affect the community as a whole.
Access to Health Care is Already Strained
The health risks associated with cyber security attacks can prove especially worrisome in areas with limited access to healthcare. Many parts of the United States lack access to even basic healthcare facilities, such as hospitals, emergency rooms, pregnancy wards, and the like.
In some rural areas, a small clinic staffed by a lone doctor may be the only medical facility within many miles. In other far-flung areas, there may simply not be a doctor at all. If a cyberattack knocks out a clinic in an underserved area, the local community may have to travel much longer distances to receive even basic care. In an emergency situation, minutes, if not seconds, can be the difference between life and death.
Meanwhile, folks who live in communities with multiple hospitals may be able to turn to alternative facilities to secure care in the event of a serious cybersecurity attack. Often, only one medical facility or system is targeted by a cyberattack. This is especially true if the industry is fragmented, like in the United States, where different organizations often use different software, services, devices, and the like.
If one system is knocked off at a hospital, the systems at another hospital might be untouched and not vulnerable (to the specific cyberattack already occurring). Still, even if more hospitals are available, they could quickly become overcrowded, which could reduce health outcomes for the community as a whole.
What Will Happen During the Next Public Health Emergency
During the COVID-19 pandemic, communities around the world stepped up to help each other. National leaders and political parties, many of whom were inexperienced when it comes to dealing with pandemics, stepped up to serve. Fortunately, many leaders, first responders, essential workers, and communities all proved capable of stepping up to the task.
Yet at the same time, some unscrupulous parties sought to use the COVID-19 pandemic to exploit other people and lock up tidy profits through profiteering, cybercrime, and various other tactics. Sadly, during the COVID-19 pandemic, cyberattacks on hospitals, government agencies, and other organizations increased. This was especially true for organizations and businesses critical to healthcare and the economy.
Criminals know that during a pandemic, many people, including employees at hospitals and government agencies, will be under high workloads. This makes folks more prone to mistakes, and a simple slip-up could leave systems for hospitals and other organizations exposed.
Unfortunately, cybersecurity attacks make it more difficult for authorities to deal with health crises like pandemics. If healthcare systems are down, practitioners will struggle to properly treat patients. As a result, this can worsen public health as patients struggle to access the care and resources they need.
How Hospitals and Other Organizations Can Protect Public Health Via Cybersecurity Measures
When drafting public health plans, cybersecurity probably isn’t at the top of the list, especially for medical practitioners. When a disease is threatening to cause havoc in a community, it’s natural for medical professionals to focus on the disease and immediate threats to health, such as environmental contamination.
Yet cybersecurity remains a major risk, and if a hospital is attacked, especially during a major event, like a pandemic, it could have a huge impact on public health. Fortunately, there are many steps organizations, IT professionals, and medical practitioners can take to reduce risks. There’s no surefire way to prevent cybersecurity attacks, but some simple steps can greatly mitigate threats.
Let’s take a look at some of the best moves organizations and individuals can make to reduce cybersecurity threats.
Make Sure All Employees Understand How Critical Cybersecurity is
Did you know that human error plays a role in more than 87 percent of cybersecurity attacks? Often, hackers use social engineering, like phishing campaigns, to get users to hand over their login credentials to sensitive systems. Once a criminal is in the system, they’re in a much better position to hold data hostage or to otherwise steal/misuse it.
Another common tactic is a brute force attack. With this simple hacking technique, criminals will try out different passwords to log into various systems. Typically, they’ll try out common passwords, like “Password123”. Ultimately, a lazy password could offer unscrupulous parties easy access to sensitive data.
By training employees, including administrative staff, medical practitioners, and others, it’s possible to reduce vulnerabilities. Simply teaching people the importance of difficult-to-crack passwords or how to spot phishing attempts can greatly improve cybersecurity.
Ensure Proper Access Control
At the end of the day, much of cybersecurity simply comes down to access. Indeed, access is crucial for security in general. A simple locked door is a form of access control. Yet when it comes to sensitive systems and data, and especially anything connected to the World Wide Web, a locked door certainly isn’t enough. Fortunately, modern Identification and Access Management (IAM) systems make it easier to check and verify users.
With the right cloud IAM system, hospitals and other organizations can restrict access to sensitive data and information while also keeping costs and hassles low. The best IAM systems not only deliver increased security, but can help reduce costs, especially when you consider how expensive a cyberattack can get. Cloud services can be an especially great option, because a well-run service will be maintained by security experts who will look for and mitigate risks day in and day out. This increased security ends up being passed on to clients.
Make Sure All Software is Up-to-Date
Updating software can be a pain. Often, simple updates can disrupt workflows. Occasionally, an update will make software a bit more unstable to use. Given the hassles, many people ignore update requests. Still, software patches are one of the most important tools for closing security gaps.
Most software will have some vulnerabilities. It might be impossible to build a perfectly unhackable software platform. Yet many software companies look for vulnerabilities on a constant basis. When a vulnerability is located, they can write a patch to close the security gap, making it harder to break into the software. If the software isn’t patched, that means the vulnerabilities will remain open.
Don’t want to deal with updates? Consider well-maintained SaaS solutions instead, as the providers will typically handle updates.
A Holistic Approach is the Best Approach for Community Health and Cybersecurity
Medical professionals now have access to more tools than ever before. They can now use these tools to improve health at both the public and individual levels. Likewise, organizations and IT professionals can now leverage myriad tools to address a plethora of cybersecurity issues. In the long run, this can lead to more efficient, stable, and effective healthcare systems.
Also read – The Cost-Effectiveness of Remote Patient Monitoring for Healthcare Systems