4 minute read
Cyber-resilience in the Middle East healthcare sector
Healthcare providers are seeing an increase in cyberattacks, says Russell Mayne, Dell Technologies Healthcare Field Director for Middle East, Russia, Africa, and Turkey.
Over the last few years we’ve seen bad actors increase their interest in healthcare organisations around the world. While banking and retail have been able to largely secure systems and control access, healthcare presents a specific challenge in terms of the number of non-technical end-users needing access to highly valued patient data. In fact, healthcare providers continue to see an increase in cyberattacks, with 53 per cent of healthcare organisations being subject to attacks in 2020.
In addition, • 35 per cent of UAE tech executives were attacked by ransomware during the past year • There were more than 2.5m phishing attacks in the Middle East between April and June 2020 • A 600 per cent increase in phishing in the UAE from February to June 2020 has been reported • More than $6.5m cost per data breech in the Middle East
Dell Technologies is committed to supporting our Middle East healthcare clients, ensuring health data remains accessible for patient care but secure from intrusion. Cybersecurity incidents can create both measurable and so costs to organisations. Research from Comparitech found that providers have spent at least $160m in recovery costs since 2016, and these direct costs only represent a small portion of the impacts. Personally, I look behind the commercial loss caused by a security breach and recognise the very real impact a breach has on patient care and reputational damage for healthcare providers.
The importance of Cyber Resilience
As a clinician with more than a decade in clinical practice I recognise the immense cost when critical healthcare systems go down. It is standard international practice that healthcare providers have clinical plans in place should the system go down, although recovery from a system outage may take 10 hours for every hour of outage. Even so, we should remember that a healthcare organisation exposing a large attack surface is at high risk of being taken down for a considerable amount of time. A cyber intrusion is fundamentally di erent to a “normal” system downtime.
While recovery from a ransomware attack can span years due to the remediation e orts required, taking the shortcut and paying the ransom is simply is not worth it. This is relevant given the fact that a Sophos report shows that more than 28 per cent of organisations in the Middle East paid a ransom. Paying the ransom creates a vicious loop in which attackers are motivated to keep on targeting organisations and refining their attacks with no consequences for their actions.
We believe that security must be intrinsic to every aspect of a digital organisation, from the core, to edge, to the cloud. There are available solutions to ensure that your organisation deploys the right mix of automated, intelligent, and intrinsic security to address emerging threats in our rapidly changing environments.
‘Resilience’ means the ability to prepare for and adapt to changing conditions, and withstand and recover rapidly from disruptions. This includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. Cyber Resilience is a strategy that incorporates people, process and technology into a holistic framework that protects an entire business organisation.
Supporting healthcare organisations further secure their IT environments
Secure Care capabilities must be intrinsic in everything, extending across all touch points and workstreams. Organisations must enhance all facets of security including sta , endpoint, and network security to deliver continuous remote access to anyone, anywhere, anytime.
Organisations need to identify where their data assets currently reside and understand the importance of their data to apply appropriate protection. Modern data protection solutions help address current threats, while ensuring data security and compliance to help organisations maintain continuity of care and readiness for what’s coming next.
Healthcare providers need to align strategically with key partners that can provide security solutions from the point of care to the data centre to the cloud. A recent study found that 80 per cent of organisations rely on security solutions from multiple vendors. The study went on to show that organisations which work with multiple vendors face an increased risk in protecting their environments. Those that work with a single vendor see half the downtime cost and 20 per cent the data-loss cost, representing considerable savings and reduction of risk.
All CIO’s, CISO’s, Chief Medical and Nursing executives have a duty to ensure that their business and clinical sta are fully equipped to respond correctly to cybersecurity threats. We encourage training that mimics realworld threats with simulations on how to best automate and respond to cyberattacks.
Russell Mayne Healthcare Field Director Dell Technologies
Protecting your future investments in data
Healthcare organisations should reassess the distribution of their cybersecurity investments, placing more emphasis on response and recovery while allocating more budget to cybersecurity. As technology becomes more advanced, data grows exponentially – becoming a more attractive target for sophisticated threats. The HIMSS 2020 Cybersecurity survey found that only 6 per cent of healthcare organisations dedicate 10 per cent or more of their budget to cybersecurity.
By leveraging a comprehensive portfolio of o erings, healthcare providers can secure their data across the health system continuum which is more important than ever as our new ‘work-from-anywhere’ environments aren’t going away. Healthcare security solutions should encompass physical security, sta training, network security, endpoint security, data protection and data recovery. Together, these solutions and services allow the creation and maintenance of a secure care environment while improving e iciencies and streamlining patient care.
I want to live in a world where all healthcare organisations are prepared and resilient in the face of this real threat.