MADRID (Portaltic/EP).- The pandemic accelerated the digitization of the health sector and the adoption of telemedicine, but there is still much concern regarding cybersecurity. Data such as medical records can be sold on the dark web for just over a euro and used to extort money, run scams and phishing schemes, or directly steal money.
The cybersecurity company Kaspersky conducted a study among health organizations in 34 countries that shows that “to face a new era of digital medicine, it is necessary to strengthen cybersecurity measures.”
Although Spain is at the forefront in terms of telemedicine services – 100% of the medical organizations consulted have already implemented them, compared to 91% in Europe and 93% in the rest of the world – concern regarding security and privacy is still significant. According to the study data, 37 percent of the health companies surveyed have experienced cases in which patients have refused to have a video call with medical personnel due to privacy or data security issues.
Likewise, 75 percent of Spanish health service providers state that the doctors in their organization have expressed concern regarding the protection of patient data when conducting sessions remotely, and only 31 percent are very sure that their organization has the necessary security measures.
Despite the existing difficulties related to its safety, doctors believe that data collection is one of the most important aspects in the development of medical technology. In fact, 80 percent agree that the sector needs to collect more personal information than it currently has, in order to train Artificial Intelligence and guarantee a reliable diagnosis.
Old Operating Systems
According to the research, the majority (60%) of Spanish companies that offer telemedicine services use old operating systems, which exposes them to more vulnerabilities and cyber risks. The reasons they give are mainly high upgrade costs, compatibility issues, or lack of internal knowledge on how to upgrade. This can leave access doors open for cybercriminals.
Regarding cybersecurity preparation, only 40 percent of health sector workers in Spain say they are “very sure” of their organization’s ability to effectively stop all attacks or security breaches that occur at the network perimeter. And the same percentage (40%) are convinced that their organization has adequate and up-to-date computer hardware and software security protection.
This reality coexists with little preparation in cybersecurity on the part of health personnel. Data breaches do not always occur as a result of the actions of cybercriminals. Very often, information can be compromised by insiders. According to the Kaspersky survey, 25 percent of Spanish healthcare providers have experienced cases where their employees have compromised patients’ personal information during online consultations.
In addition, only 13 percent of healthcare providers are confident that the majority of medical staff who consult online are clearly aware of how their patient data is protected. This is despite the fact that 70 percent of medical organizations offer cybersecurity awareness training.
“These figures come to show that most of the implemented training offer is not adapted to reality and does not cover the most useful topics for the daily practice of physicians,” Kaspersky warns.
Expert Recommendations
Kaspersky experts recommend that healthcare institutions provide security training to employees who have access to patients’ personal information. “The training should cover at least the most essential practices, such as the correct use of passwords, email security, private messaging and safe Internet browsing,” they detail.
In the same way, they urge the use of a firewall that serves as a barrier against external threats. This will defend web servers from different types of malware, including viruses, ransomware, and Trojans.
To help minimize the likelihood of cyber incidents caused by outdated and unpatched systems, Kaspersky recommends the following measures. Experts also encourage performing a cybersecurity audit of your networks and remediating any discovered weaknesses at the perimeter or within the network.
The cybersecurity company has tools such as Kaspersky Expert Security framework and Kaspersky Embedded System Security, as well as Managed Detection and Response services, which allow timely investigation and remediation of incidents, harden embedded systems in medical devices that sometimes have low-end hardware and old software, and provide endpoints with adequate protection.