By Dr Saif Abed, Chief Medical Officer and Healthcare Cyber-warfare Expert at BridgeHead Software
Today, cybersecurity is a hot topic in healthcare. Wherever you click there’s an article about the latest ransomware attack or statistic about how hospitals have become a top target for threats ranging from organized crime to disgruntled employees. It can be a real challenge to separate myth from reality and build a strategy that actually secures clinical systems and patient data whilst also demonstrating a return on investment. At BridgeHead, we’ve decided to solve this challenge by targeting one of the most common sources of vulnerabilities that healthcare organizations have to deal with – legacy applications.
Over many years, we’ve worked with CIOs, CMIOs/CCIOs and other senior managers all over the world, in private healthcare institutions, the UK NHS, elite sports teams and occupational health departments within companies. In speaking with these organizations, a common theme has emerged: burgeoning clinical application ecosystems that have become unwieldy and expensive to manage. We also recognised that many of these applications were insecure, unpatched and unsupported. As healthcare has become increasingly digitised, these applications have started to become targets that attackers are looking to exploit as a ‘way in’ to the broader healthcare organization’s network, where they can cause chaos.
It can be shocking how a seemingly innocuous niche application can be the source of enterprise-wide disruption that can lead to mission-critical clinical applications being locked down, operations cancelled, ambulances diverted and huge recovery costs. However, that’s the reality we are now facing. Our approach at BridgeHead is to work with hospitals and clinics to identify these applications and transfer their stored data into our secure, clinical repository, HealthStore®, so that these applications can be decommissioned. What’s important is that we have the clinical and technical expertise on our side to prioritise which applications are the greatest source of risk. That way, we can support hospitals to phase the application retirement process to fit resources and schedules and also mirror the adoption of new systems, such as EHRs that invariably create new legacy applications.
We believe that security should not come at the expense of usability and, moreover, it should have a positive, tangible business impact. By transferring data into our clinical repository, staff can access patient information that was previously difficult to find using our intuitive in-built, ‘zero footprint’, universal viewer or through any integrated EHR or portal solution.
“Our mantra is to create clinical, operational, financial and risk benefits. With HealthStore, we are doing that by eliminating major systemic risks that are created by legacy applications whilst also enhancing the clinician’s user experience so that they can focus on what matters most – patient care.”
For more information, read BridgeHead’s latest cybersecurity whitepaper entitled “Legacy Applications: A Healthcare Cybersecurity Nightmare”.