Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks

With the rise of hospital usage because of the pandemic, the authors in this article point out another worrisome rise: the rise of cybercrime against hospitals. As Argaw et al. illustrate, a cybersecurity threat for hospitals is much more severe than a hacker gaining the blood type of one individual. Rather, there is an enormous amount of PII (Personally Identifying Information) that could lead to identity theft or hospital shutdowns, which could lead to fatalities if their machines are not able to run. Through case studies in Germany, Norway, and the United States, the authors suggest ways to increase security in hospitals. Their first recommendation lies within having quality IT “at their foundation”, taking preventative measures, adopting a risk-based approach, and conducting trainings. The risk-based approach is highlighted with the dilemma between protecting patient information versus maintaining efficient operations- data (like medical records) needs to be easily accessible in case of a patient emergency but secure enough that a hacker cannot compromise their information. To mitigate this specific tradeoff, the authors look towards limiting administration access, which decreases the probability of an attack as well as coming up with data sharing and incident response plans. Finally, the authors underscore the importance of examining every technology in a hospital and considering their cybersecurity and whether all medical devices are routed on the same network. Diversifying networks and looking more critically at the devices’ cyber policies will help to mitigate the risk of them being hacked.