The news this morning of #cyberattacks on the #HSE is worrying. #Healthcare is an attractive target for cyber criminals because medical data is between ten and twenty times more lucrative than credit card or banking details. Stolen health records can be sold to fund criminal activity and facilitate identity theft, blackmail or extortion.
An Essential Priority with the Mindray Distributed Monitoring Network
The digitization of healthcare in the world continues to accelerate with no sign of decline. From Electronic Medical Records (EMRs) to millions of connected medical devices, the flow of patient information is increasing exponentially. With such an increase in the volume and modes of data transmission comes a greater vulnerability to cybercrime. As a result, cybersecurity is an ever-growing concern within the healthcare sector. Norso Medical's partner company, Mindray, is committed to protecting patient data and assuring privacy. In doing so, there are three key areas on which we focus – Endpoint Security, Patient Privacy and Security by Design.
Endpoint security focuses on minimizing the threat of unauthorized access through devices such as laptops, workstations, mobile and bedside medical devices. Mindray starts by:
· Reducing the network attack surface by segmenting the network
· Eliminating unnecessary pathways
· Restricting access to communications on the network
· Locking down and securing these devices is the definitive and core component of Mindray Endpoint Security
· In addition to requiring secure firewalls and antivirus protection for network deployment, Mindray applies Whitelisting and Operating System (OS) Hardening for further safeguarding
Mindray’s approach to protecting PII incorporates secure encryption, password management and secure data deletion.
· The BeneVision Central Monitoring System (CMS) utilizes features such as user access controls and customized screen configurations to support patient confidentiality.
· Data displayed on the screen or in reports is configurable to limit the patient information shown.
· Logs obtained for troubleshooting purposes are extracted without PII or encrypted to protect patient information.
· Mindray integrates with the hospital’s Active Directory to centrally manage user accounts, rights and permissions in compliance with secure password policies.
When deployed simultaneously, these various strategies prove effective in supporting patient privacy.
Security by Design
This type of security is focused on elements that are inherent in the device or system with the explicit purpose of maintaining security. It all starts during product development where security risk management, security design practices, and security code analysis are performed.
· Rigorous testing such as Fuzz testing repeatedly bombards a computer application with erroneous random data to look for system crashes and/or memory leaks. Data obtained from this type of testing can identify any system instability in very challenging circumstances so that these instabilities can be addressed in the design phase, prior to product release.
· Similar to Fuzz testing, Penetration testing is another automated technique that simulates a cybersecurity attack to identify both vulnerabilities and strengths within a software application or system.
· Security by design continues well beyond product release; Mindray continuously evaluates patches and security updates to ensure product security over time.
Defense in Depth
The sum of Mindray’s multifaceted cybersecurity strategies can best be described as Defense-in-Depth. All of the strategies described here are methods which complement existing institutional efforts to reduce the incidence of cybercrime.