While the move to digital opens the door to many opportunities, it can also be the source of several problems, especially when it comes to the computer security of connected objects used for new needs.
For hospitals that have gradually adopted digital systems for classifying medical records, cybersecurity is a considerable challenge: they must preserve both the confidentiality and the security of their patients' medical information. And that is more than essential.
So these health organizations find themselves having to weigh the benefits of digitization against its drawbacks. While the benefits are many, the disadvantages could cause much more damage than it appears. Improved safety systems are therefore needed "to prevent disruptions caused by 'smart' components that could have a greater impact on patient safety," as Stéphane de Saint Albin, IT journalist, explains.
Hospitals are increasingly connected, and the explosion of the latest connection technologies makes this even easier and more dynamic. In France, for example, 3 million people have a DMP ("Shared Medical File"), and these files are being opened at a rate of 200,000 per week. The purpose of such a project is clear: to improve the medical follow-up of the patient. Under these conditions, it becomes easy for doctors to follow the evolution of what patients suffer from and the various incompatibilities related to the drugs that are prescribed. The shared medical record thus allows health specialists to offer a complete but also confidential service with controlled access.
However, it should be noted that smart hospitals are a favourite of cybercriminals, who see them as a way to easily extend their acts of cyber malice. There was even an increase in computer attacks and other incidents involving these health organizations last year and in early 2020. Unfortunately, the health sector is regarded by specialists as very vulnerable to cyber malice. And as if that were not serious enough, these organizations hold huge amounts of very sensitive data. This makes smart hospitals the ideal target for ransomware attacks. There is no better environment in which to demand a good ransom.
Despite this more or less worrying situation, the security of hospitals is not improving. They remain vulnerable to computer attacks. Because some health organizations are in a very difficult financial situation, it is very hard for them to find a sufficient budget to improve their IT infrastructures, which are ageing and very ill-suited to the circumstances. It is in this context that the French government has initiated a programme to support hospital information systems, a project called the Digital Hospital Program. The goal is to help health care institutions make a stable and secure digital transition. This is achieved by establishing an ecosystem governed by rules that regulate and determine certain measures and requirements in terms of technology, communication and information.
"As the number of attacks grows, health care providers need to secure more connected medical devices. The majority of cyberattacks target web applications and cyber criminals continue to exploit this channel relentlessly. Indeed, the applications are easy to hack. The web, especially the HTTP protocol (even HTTPS, a little safer), was not designed for today's complex applications. Therefore, security planning must be integrated into new product and service offerings to avoid a disaster," comments Stéphane de Saint Albin.
"Databases are the most frequently targeted because they contain huge amounts of personal data in a concentrated form. For example, when it comes to cloud storage, users and administrators aren't the only ones who can access data. Cloud service providers could also access it if it is stored without protection and encryption. If cybercriminals gain access to this data, patients and hospitals may be directly blackmailed by them. Not to mention the involvement of the CLOUD Act, which, since March 2018, can require any supplier subject to U.S. law to provide access to data as part of an investigation, at the request of a U.S. judicial authority," he adds.
All these situations expose smart hospitals, which, for better and for worse, are experiencing a great boom. Legally, one can count on the European General Data Protection Regulation, which sets the requirements for the protection of personal data. For example, the regulation requires that the patient's informed and prior consent be given for any processing of this medical information. Referring to Article 17 of the same regulation, the patient can invoke the right to be forgotten, that is, demand that all of his information be deleted by an institution that holds it and is situated in the European Union.
In addition, in order for a host to be officially certified, certain levels of activity must be observed:
– Constant, operational maintenance of the various physical sites intended to house all the equipment necessary for the health data storage activity.
– The availability and efficiency of the hardware infrastructure of the computer system involved in the processing of health data.
– The availability and constant maintenance of the platforms hosting the applications used by the information system.
– The safeguarding of medical information by the health organisation.