WannaCry highlights need for secure healthcare communications

HCIC fails to ensure persistent communications

According to a report in Healthcare Informatics, the biggest concern facing CIOs is their data being compromised. In the wake of the WannaCry worm, this is hardly surprising. When the WannaCry worm hit the UK’s national health service, many of the country’s hospitals were unable to perform routine visits as their computer systems were overrun.  Routine communications were blocked, ambulances were unable to reach emergencies and many surgeries were cancelled.

While the US was largely spared this level of attack, there shouldn’t be much rejoicing. It was largely luck that left the US unscathed. And this highlights the necessity of CIOs to re-examine budgets and update their security. That will indeed be a tough introspection as the reason many CIOs have not invested in data security is budget constraints.  Healthcare organizations are faced with a choice of purchasing cybersecurity technologies to secure networks and data or buying new, much needed medical equipment or paying staff costs.

Yet eventually the healthcare industry’s arm will be forced as they will need to comply with cybersecurity mandates or get out of business. The beginnings of this soul searching comes at the same time that the Health Care Industry Cybersecurity (HCIC) – which was formed by Congress in 2015 and is charged with the mandate of addressing the cybersecurity challenges faced by healthcare –  has created 6 points to encapsulate how they wish for healthcare to handle the rise and menace of attacks.  These points, which were released at the beginning of the month are as follow:

1. Define and streamline leadership, governance, and expectations for health care industry cybersecurity.
2. Increase the security and resilience of medical devices and health IT.
3. Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
4. Increase health care industry readiness through improved cybersecurity awareness and education.
5. Identify mechanisms to protect R&D efforts and intellectual property from attacks or exposure.
6. Improve information sharing of industry threats, risks, and mitigations.

The HCIC believes that once implemented, the recommendations will increase security for the health care industry’s organizations, networks, and associated medical devices.

However what the HCIC fails to realize is the necessity – not just importance, but necessity – of ensuring a strong communication platform is in place at the hospital or clinic during the cyberattack. A cyberattack is likely to compromise communication channels such as email or websites. Alternative communication portals will need to be found and found quickly. As one source wrote, thinking through these realities during peace time will save you a huge amount of time and stress.

The advantage of using a secure healthcare communications platform (like OnPage) is that there will still  be the ability for physicians, nurses, CIOs and everyone in between to communicate via their secure mobile messaging and alerting application. Given that the OnPage app is HIPAA-compliant, communications will be encrypted and will not compromise patient privacy.

So before you or your hospital go too far down the road of following the HCIC mandates, consider that you’ll need a strong communication device in play to keep your institution running while you expertly manage the other aspects of your cybersecurity plan.

Download our whitepaper Secure Messaging Even if You WannaCry to read more about secure healthcare communications during a cyberattack.