02 December 2019

Hospitals and Care Centres are ill-prepared for cyber-attacks 

Healthcare professionals work in a very fast-paced, unique and potentially stressful environment, with a lot of time pressures and responsibilities that do not always make secure behaviour easy. Procedures need to be quick and convenient, especially when patients’ lives depend on swift medical support.

Yet in an increasingly connected world, the medical professional needs to be extra vigilant. From the use of emails to connected devices, it’s more important than ever to take steps that can prevent cyber criminals getting hold of sensitive patient data and devices. 

PANACEA’s investigation into cyber security reveals a lack of the required levels of cyber security across countries and healthcare organisations. Issues are multiple, from insecure behaviour to a lack of awareness about the many different types of cyber risks associated with such behaviour.

PANACEA research also shows that hospital staff typically look for workarounds when it comes to sharing information because communication tools are often unintuitive, pushing staff towards the use of WhatsApp, within the organisation and for patients.

A human-centric approach to cyber security

Measures taken to increase cyber security must be user-friendly, user-transparent, time-efficient and workable within the constraints of a hospital or other medical facility, and without having a negative impact on patient care. This is key to avoiding ‘workarounds’ and ‘shadow working’, which is one of the main findings emerging from this PANACEA analysis of current practices. Let’s take the example of information sharing.

Training and awareness are vital in the drive towards a cyber security culture, making sure members of staff are kept in the loop and understand why security is important for their own safety, that of the patients and of the hospital infrastructure. All staff members need adequate training tailored to their specific roles and responsibilities. Most importantly, they need to be treated as valuable assets within the organisation and get the support they need by knowing who to turn to for help. Well-defined training therefore becomes an important incentive for any hospital.

According to the PANACEA findings, this is a major area for improvement, which needs to take current practices within the organisational culture as the starting point to minimise insecure behaviour.

PANACEA’s behaviour nudging measures are designed to be effective in guiding staff towards good practices by showing that patient safety goes hand in hand with time-efficient patient care. The Secure Behaviours Nudging Tool will put in place a methodology to design architectures that nudge people towards better choices without forcing certain outcomes on anyone. This tool will be based on the simple concept that awareness per se is not enough and that the right behaviour can be triggered, that is, “nudged” through a specially designed tool. PANACEA will enable an interactive approach to ensure the tool is people-centric.

Without these measures in place it will be very hard to change engrained habits like access credential sharing and other ‘shadow’ work processes that create a security weakness.