The Healthcare sector’s continued problem with cybersecurity vulnerabilities will continue for many years to come. As long as their equipment follows the principle of “use it until it physically breaks down.” In the world of IT, such a process does not work from the standpoint of security and privacy, especially in the aspect of the software. As long as hospitals, pharmacies, and other medical institutions insist on being connected to the Internet with their old unpatched software, hacker groups will continue to treat them as a low hanging fruit to attack.
Software updates, of course, is a double-edged sword, as the medical companies, both public and private use old hardware, these same updates may make the hardware unusable. Hence, the industry is between a rock and a hard place, they need enough funding to replace their aging hardware. Likewise, new software cannot be hosted on old hardware given the lack of enough computing power to handle it.
There are other factors that increase security risk for the healthcare industry, however, most devices and terminals are not connected to the Internet, which security researchers fond of calling it “air-gapping.” Antivirus software updates pattern files via the Internet, which is the backbone for performing virus detection and removal. Therefore, it is difficult to protect workstations that are not connected to the Internet, ironically being air-gapped, the only way for infection is through. If the product is temporarily installed and out of the vendor’s warranty, it may take several million yen to repair the device if something goes wrong.
What’s more, not being connected to the Internet seems to have led to over-confidence. Many people think that viruses are transmitted via the Internet. However, in recent years, the spread of virus infection via portable media such as USB memory, CDs, and DVDs has increased. Some hospitals have already banned their use, but use USB memory inside the hospital, such as bringing back data to create materials for presentation at the conference, keeping personal data that does not need to be uploaded to a shared system, etc.
Also, in many cases, the portable media used for the delivery of patient information, such as medical images, is the source of virus infection. Not only do you infect yourself, but if you cause damage to other hospitals with portable media prepared by your own hospital, it will also lead to problems with hospital credit. A good solution opportunity is for hospitals to totally abandon their old application software and fully migrate to the cloud.
The workstation can be migrated to Linux, with their native applications being served through the cloud using services such as Citrix or Amazon Web Services. There is also a cloud memo service. Evernote is a long-standing, note-based notepad on the cloud that lets users keep track of notes, documents, photos, and web pages, and is useful for organizing information. This cancels the need to use sticky notes physically or in a workstation software, with the added benefit of being usable through a mobile device.
There is also a cloud business card service, which will be very beneficial for a medical institution. Users can make an address book automatically on the cloud simply by scanning nouns or shooting and registering with a smartphone. It is much easier than doing business card management.
Cloud accounting services have also increased. For small hospitals that require tax returns. When users enter accounting data, it will create a book automatically. There is also a function that automatically creates an account book in conjunction with the credit card company and bank data.
All of these cloud benefits everyone, as it lessens the need for a medical institution in maintaining their own servers. All the responsibility of maintenance and optimization are the legal obligation of the cloud vendor. Of course, the cloud vendor should be legally compliant with laws such as HIPAA. That is a consideration that can never be compromised.
The IT Security Challenges All Small Businesses Face