Healthcare data has surpassed the value of credit card or social security numbers for hackers, according to Synopsys’s Software Integrity Group managing consultant Olli Jarva, commenting in response to the major cyberattack on Singapore’s government health database.
The hackers involved in the Singapore attack stole the personal information of around 1.5 million people, including Prime Minister Lee Hsien Loong.
With regard to what healthcare providers could be doing to protect such information, Jarva said: “When we are designing and building the systems to be resilient for cyber-attacks, we have to start building security from within, rather than only relying on perimeter defence. This means that before a single line of code is written, we have already started to map down our potential security problems from the design standpoint.
“Application security problems can be divided into two parts, flaws and bugs. To catch most of these software security problems, we need to identify them early on so that they would not come back to haunt us later on. We have to stay vigilant when it comes to understanding how and what kind of data we are protecting, where it is located, and what kind of security controls we have in place to protect it.”
The challenge of managing security in large computer systems can be complicated by different parts of the system having different third-party software components with inherent vulnerabilities that, Jarva suggests, may not be properly identified and remedied early enough. He added: “From a security standpoint, the healthcare industry shares the same shortcomings as other enterprises but with some added obstacles.”
The suggested additional obstacles for healthcare industries in protecting data include a potential lack of security and financial resources as well as the expertise to correct any system weaknesses. In addition, standardising security on all devices attached to a healthcare network could prove difficult due to the sheer number of devices in question, such as drug infusion pumps, MRI and CT scanners, and treatment software.