L.D. Gill, hospital security officer at Atlanta-based Emory University Hospital, discusses how hackers are using mobile and medical devices to break into hospital cybersecurity systems and the best way staff can help in the aftermath of an attack.
Question: What would you say is the No. 1 threat to hospital cybersecurity today and why?
L.D. Gill: Mobile devices and medical devices that have access to the network. These devices can house malware to read data that can access the network and compromise IT security. Hackers controlling these devices and network operations can put the hospital in a hostage situation by locking it out of its own devices and data access.
Q: What do you see as the next big cybersecurity threat hospitals should look out for?
LG: Medical devices connected to the network pose the biggest threat because the initial thought of the user is that the equipment is broken. The reality is the medical devices are being used as a conduit to gain access to the network and gain private information. The machine still connected to the network provides hackers an opportunity to progress through the network undetected.
Q: What advice would you give to hospital CISOs or CIOs to get hospital staff on the same page in the aftermath of a cyberattack?
LG: Staff use the same software daily and know what the software should be doing for them as a user. There are faint glitches that occur with malware that most users overlook due to their need to access information themselves. I would tell staff to notify their IT department immediately to make sure the devices have not been compromised.
Q: What do you consider to be the most important aspect in hospital data protection?
LG: Data management can be expensive but necessary in the long run for network security. Who has access and what devices used to access the information should be [a] limited and closely monitored system. Limiting device access and network usage for those devices narrows down and limits the possibility of intrusion through electronic mobile devices and medical equipment.
To learn more about hospital and health system cybersecurity, as well as the key trends for CISOs, register for the Becker's Hospital Review 2nd Annual Health IT + Clinical Leadership Conference May 2-4, 2019 in Chicago. Click here to learn more and register.
More articles on cybersecurity:
The hospital digital revolution & what it means for cybersecurity: 4 Qs with University Hospital Newark, New Jersey's interim CISO
5 questions to help CISOs assess cybersecurity preparedness
Healthcare data breaches spike significantly in 7 years: 5 things to know