‘Practice cyber hygiene’ to ensure information remains safe, providers advised

It has never been more important for aged care organisations to secure their networks, writes Steve Hunter.

In the last decade, technology has transformed aged care by automating many of the most mundane tasks, reducing the risk of errors and delivering substantial improvements in resident outcomes.

Modern aged care facilities have hundreds, if not thousands, of connected devices for improving care. Despite best intentions, many of these devices were not designed with security in mind, which makes them easy targets for hackers as potential points of entry to inject malware.

Within two years, research and advisory company Gartner estimates that “the number of medical devices requiring security hardening by a healthcare provider will increase by 45 per cent.”

A cyberattack could easily cripple operations, expose sensitive patient records and potentially put lives at risk.

By now, many aged care facilities have digitised residents’ paper records into electronic form. These records are highly sensitive, personal and extremely valuable to hackers. Hackers can use the data to create fake ID’s, commit insurance fraud, and most worryingly use it for blackmail or ransom.

Under the My Health Record system in Australia, every citizen will have an electronic health record by the end of 2018 unless they opt out.

Recently, the Australian government introduced the Notifiable Data Breach scheme. The OAIC received 63 data breach notifications under the scheme during the first six weeks of the scheme’s operation with healthcare the highest breached sector with 24 per cent of breaches.

This creates a real urgency for organisations to understand what is connecting to their network and have a plan in place for if a data breach occurs.

It’s therefore crucial to boost security, privacy, and compliance while maintaining availability of these important systems. However, efforts to do so are being hampered by a lack of real-time visibility into activity on the network.

Unmanaged devices aren’t equipped with security agents while devices come and go from the network constantly, making it impossible to manually manage them all, despite the risk that many of them may be unsecure. Periodic, point-in-time vulnerability scans don’t tend to reveal these gaps.

Aged care providers need a solution that lets them see and monitor all devices, regardless of type, on the network. This includes laptops and PCs, smartphones, medical devices, printers, and other Internet of Things (IoT) devices.

The solution should then segment the network and assign devices to appropriate segments according to their policy compliance requirements. It should also assign and enforce access policies across the network hierarchy that can be based on device type, hygiene level, and ownership.

The solution should continuously assess devices and network behaviour to detect any changes or anomalies that could detect malicious activity. And, it should orchestrate information-sharing among all the organisation’s security tools to maximise existing investments and automate security responses.

The right solution will deliver exceptional visibility into every single device that’s connected or attempting to connect to the network and let the business decide how to treat that device; as a friend or foe.

It’s time for our aged care providers to practice cyber hygiene in order to leverage new technologies without compromising on information security.

Steve Hunter is senior director of system engineering Asia Pacific and Japan at ForeScout, an IoT security company.

Comment below to have your say on this story

Send us your news and tip-offs to editorial@australianageingagenda.com.au 

Subscribe to Australian Ageing Agenda magazine and sign up to the AAA newsletter