Digitalization has experienced an enormous boost in various industries in the past year. This has opened up many new opportunities, particularly in the healthcare sector and especially in the hospital environment. However, the possibilities of networking also offer new attack surfaces for cyber criminals.
At the latest now, and in view of the attacks on hospitals that have already taken place, the question must be addressed of how processes for the security of IoT devices and IT structures can be integrated into organizations.
But how can hospitals protect themselves against cyber attacks and what measures should be initiated in the event of a hacker attack? Detective Chief Inspector and cyber-crime prevention expert Peter Vahrenhorst from the NRW State Criminal Police Office provides some recommendations in this regard:
4-point prevention plan
Holistic approach to safety
Hackers do not distinguish between medical IT and classic IT, so the first measure in this area is to break down the silos and take a holistic approach. Only with such an approach can an unrestricted IT security concept be implemented.
An important component is also the assignment of responsibilities. If the assignment is clearly regulated and defined, responsibility is also assumed. This structure should be lived from the boss to the janitor.
The classification of business processes is considered a security component in the medical environment too. Which areas can I take offline for longer if necessary? What is existential or even life-threatening? Network segmentation is the tool of choice here.
Broad-based investment in security
For any investment in IT, a share of the costs or a cost assessment must always be included for IT security. What good is having X number of devices, if I then no longer have a budget for secure operation?
With all investments in defending against hacker attacks, it is also necessary to factor in the possibility of a successful attack on your IT systems, and have an IT recovery plan in place.
What steps should be taken in the event of a cyber attack?
Peter Vahrenhorst gives recommendations and shows measures that should be taken in the event of a cyber attack:
- In the first phase of detecting and understanding an attack, it is essential to already have a list of all relevant contacts at hand. This also includes the central contact points of the state criminal investigation departments. These should have already been incorporated into the emergency plan to avoid wasting time. Time is a critical factor here.
- IT systems often store log files only within a narrow time period. Back up these log files in time, or extend the storage period, and increase the log level if necessary.
- A contact person is needed who has an overview of the IT-relevant processes in the company and who can also ensure direct access to the systems (e.g. to collect log and protocol files). If the administration of the IT technology is in the hands of an external service provider, this provider should be contacted and urged to cooperate.
- As soon as you learn about the relevant IT incident, please take an incident log. Also log any changes you have made to affected systems.
In addition, it is important to monitor the network and IT systems closely and intensively even after a cyber attack, paying attention to any unusual activities. In this way, you can ensure that your systems are functioning properly again. It also allows you to identify a potential repeat attempt at an early stage.
In addition, a cyber attack can be used as an opportunity to review current rules, measures and processes, and to optimize them if necessary. Your emergency plan for an IT incident should always be kept up-to-date.
Find webinar recordings on this topic “IT & IoT in Healthcare: How can hospitals be protected against hacker attacks?” (German language) in our members + area.
Tatjana Hein is Project Manager IoT and Mobility at eco – Association of the Internet Industry. She is responsible for topics related to Internet of Things like Smart Factory, Smart City, and Smart Home, as well as mobility issues. Before joining eco in 2020, she was content manager and creator at a European analytics provider and was also a guest author for several magazines (such as Big Data Insider, Website Boosting, UPLOAD magazine, marconomy, Contentbird). Before that she worked in an agency as public relations manager for several start-ups.