News

Mr. Hamad Saeed Abdulrahman, Director of the Information and Communication Technology Directorate at King Hamad University Hospital, stated that cybersecurity in operational technology (OT) is a challenge in almost any industry, and in the healthcare sector those challenges are exacerbated by regulatory burdens and risks to protect patient safety and personal information in some cases.

“Valuable protected health information (PHI), portable medical devices that can administer medication doses, and even refrigerators that hold life-saving vaccines and treatments are all connected to a healthcare organization’s network. When that network gets hacked, it can wreak havoc on an entire health system and its patients.” According to Mr. Abdulrahman.
This was stated during the “Zero Trust Security – Always Verify” Forum, moderated held by NGN International, a full-fledged systems integrator and Managed Security Service Provider based in Bahrain. The forum was a part of the “NGN Majlis”‘ efforts to enhance awareness of cyber security among Bahraini institutions and individuals.

“The concept of “Zero Trust” security model, assures that no device or user is automatically trusted before being vetted by strict authentication processes. Zero trust is not a single technology or tactic, but a set of cyber defenses that collectively look for threats outside and within a network perimeter. Implementing a zero-trust architecture could make a life-or-death difference in how healthcare organizations operate and respond to cybersecurity incidents.” Mr. Abdulrahman said.

Mr. Abdulrahman affirmed that Healthcare organizations without proper cybersecurity safeguards are putting patient data and lives on the line. Although implementing a new cybersecurity model is not a small task, the benefits outweigh the potential downsides. He also explained that there are other crucial components to safeguarding the healthcare industry, as cybercriminals can target physical security by going into the hospital they want to break into or steal information from while faking illness, for example, before going into the hospital rooms and connecting their laptop to try to access the building’s work system.

“Besides cybersecurity, the zero-trust concept must be implemented in healthcare facilities to enhance physical security by following policies and practices that need to be put in place. Such as identifying and prioritizing risky users and access processes that pose a threat, establishing identity assurance through a strong multi-factor authentication architecture, limiting lateral movement within a facility, enforcing least privilege at every access point, and utilizing the use of surveillance cameras to identify any suspected behavior.” Mr. Abdulrahman added.

Mr. Abdulrahman concluded by affirming that healthcare organizations possess data that is extremely valuable on the black market. In addition, hackers can choose from EHRs, mobile devices, vendors, cloud applications, remote employees, and medical devices as potential entry points into an organization’s network, that’s why it is imperative to apply the “Zero Trust” concept to keep those devices and data safe for the sake of patient safety.