Health Tech Crisis | Losing Passwords | The Cyber Review

July 15, 2021
Written by Ana R.

Cybersecurity: Health Tech Crisis

Networked and connected devices in healthcare allow for medical professionals to access and share patient information quickly to make life-saving decisions. They also help professionals monitor patients, attend to medical assistance if needed.

The convenience of connected devices also has its risks. So, the focus should not only be on how technology can improve the health tech sector for patients and professionals, but there needs to be a shift towards placing cybersecurity measures.

The healthcare industry has been a target for many attacks such as ransomware and malware since the networks hold a lot of confidential information.

Dangerous attacks that can disable critical life-saving machines must not be taken lightly. This is why cybersecurity in healthcare is just as, if not more important than other industries as it is a matter of life or death.

Healthcare professionals are not IT professionals. It is almost impossible to manage technology and cybersecurity when your focus in on patient care.

Healthcare leaders are often reliant on outsourced/third party support to ensure their technology estate is secure, performing optimally, and inventoried. But this can be further complicated if they are using a number of outsourced IT providers for different departments or aspects of their healthcare provision.

In addition to authorized devices in the network, there are several personal devices being used as well during the working day. People do not know if they are secure, up to date, or what controls and access those devices have which is again dangerous.

Don’t lose your digital keys: cybersecurity expert

Karen Wiebe told 680 CJOB that her spouse, Floyd, was a self-taught computer geek, which was great while he was alive, but was a “recipe for disaster” after his death, because of the hundreds of passwords for every little thing she had to try to retrieve.

Wieba said Floyd paid all the bills and she never knew how to pay online or even order online but had to learn.

“His computer and his phone were passcoded, and my kids were luckily able to figure out what that was, and in his computer there was an application where all of his passcodes were stored, and if you knew where to find that — which I didn’t — you can find some of (the information).”

Wiebe wanted to make a list of everything — bank accounts, social media accounts, email addresses, and more — that she’d need to find the passwords for, and updated the list whenever she found a missing password. She said while her solution may not work for everyone, it’s worthwhile to have a plan in case the unexpected happens.

“It’s important to have it not only so your spouse can find it, but make sure one or two other trusted people can find that information,” she said.

Cybersecurity expert David Papp said there are a number of applications and systems on the market that help people manage their passwords, and that many have emergency access or emergency contacts.

“The worst is for the people who do know — they know that person has passed away, but it’s a constant reminder and it’s bothering them when they keep seeing it there. It’s a tough topic.”

Papp said Facebook’s “legacy contact” options allows for a person’s page to be memorialized after they die, and other social companies like Instagram, Twitter, and LinkedIn have forms that can be submitted for similar reasons.

Cybersecurity bills gain new urgency after rash of attacks

Bipartisan bills between Democrats and Republicans aimed at strengthening U.S. cybersecurity after a line of major attacks are making headway in both the House and Senate.

“Unlike some of the other things I’m working on, huge, huge progress,” Senate Intelligence Committee Chairman Mark Warner (D-Va.) said of a cybersecurity proposal he is leading.

“We are very close to having almost every member of the committee on it,” Warner told The Hill on Tuesday. “It has been purely waiting for the members to get back [to Washington]. I’ve got to have a couple of member-to-member discussions, but the notion that we need some level of mandatory incident reporting. The fact that many business groups have coalesced behind this, I think it’s all great news.”

The draft bill, backed by Sens. Marco Rubio (R-Fla.) and Susan Collins (R-Maine) on the Intelligence Committee, would require federal agencies, federal contractors and owners and operators of critical infrastructure to report cybersecurity incidents within 24 hours to the Cybersecurity and Infrastructure Security Agency.

The legislation, in circulation since last month, would grant liability protections to groups that report breaches, going beyond the existing voluntary standards for reporting that have often hindered the government’s response in recent years.