Since the appearance of COVID-19, cyber-attacks have risen sharply in the healthcare sector, due to the increasing use of public clouds and insecure data processing software.
The main techniques used by cybercriminals
First of all, there is “phishing”, the most frequently used technique. It involves identity theft: cybercriminals have exploited the pandemic theme to create malicious phishing campaigns that retrieve important data such as social security numbers or bank account details.
Secondly, ransomware aims to block or corrupt large volumes of data and then demand a ransom. This technique mainly affects the large databases held by healthcare organizations. It can serve two different purposes: the fraudulent use of data to obtain a sum of money, or a more geopolitical objective.
Protecting and sharing health data
Health data must be shared securely between healthcare professionals.
First of all, it is important to be able to host healthcare data on a central information system. The service provider of this system must be certified as a “Healthcare Data Hosting (HDS)” provider.
This procedure is certainly a guarantee of security, but it is very time-consuming to set up. By way of derogation, you can use your personal computer, even if it is connected to the Internet, to store your patients’ health data on its hard disk. To help you with this, here is a short extract from the CNIL’s practical guide to personal data protection (Sheet 4 – What framework should apply to cell phones and tablets?).
Can you use your cell phone or tablet to access your patient records?
Your tablet or cell phone can be used in a professional context, provided that the security rules are respected. We strongly advise against storing medical information in the internal memory of your tablet or cell phone (to avoid serious consequences for patients in the event of theft or loss). In practice, however, if you decide to disregard this advice, you should at least keep your data in compliance with the following security rules:
- Use passwords that comply with CNIL recommendations (12 characters including upper and lower case letters, numbers and special characters),
- automatic locking after a short delay,
- encryption of sensitive data.
More generally, you should avoid lending out your phone or tablet and leaving them unattended.
To guarantee the quality, confidentiality and protection of personal health data, remote access to your patients’ files must comply with the interoperability and security guidelines drawn up by ASIP Santé. These standards are approved by order of the Minister of Health, after consultation with the CNIL. Pending publication of the regulatory texts enabling these provisions to come into force, the CNIL requests that healthcare professionals be authenticated using a healthcare professional card (CPS) or an equivalent device approved by ASIP Santé.
When consulting patient information on your tablet or cell phone on the move, you should always check that your screen is protected from prying eyes.
Warning! The use of mobile media (USB sticks, external hard drives) is strongly discouraged. If you do use them, you should encrypt any sensitive data stored on them.
Recommendations for protection against cyber attacks
The security of the data you handle on a daily basis as a healthcare professional is of paramount importance.
To help you manage your cyber security, we’ve listed a few solutions to combat cyber attacks:
- The most effective solution is to share and store your sensitive data via secure, encrypted software. We offer you the Parsec solution, which enables you to preserve the integrity of your patients’ data. Simply collaborate in total confidentiality in the cloud, wherever you are.
- In addition, you can also secure your Internet connection, especially for medical staff, with a VPN. Using an unsecured public network can increase the risk of cyber-attack.
- Protect your devices with up-to-date antivirus and anti-malware software, which blocks viruses and malware attempting to infiltrate your system. This may seem an obvious point, but neglecting it leaves a security hole in the computer system that attackers can exploit. Many attacks are due to negligence in setting up basic protection systems.
- Make your staff and patients aware of cyber risks. Downloading suspicious documents or clicking on malicious links can entail risks.
PARSEC for healthcare professionals
PARSEC, an ANSSI-certified secure sharing and storage solution, is a “Zero Trust” and “Zero Knowledge” software package: it processes all data locally, on the doctor’s workstation, and anything sent over the Internet is protected in terms of confidentiality and integrity by exclusively local keys. In other words, data leaving the terminal are no longer medical data, but encrypted packets that cannot be used by a third party.
What’s more, PARSEC is collaborative, ergonomic and easy to use, so healthcare professionals can learn and adopt it quickly.
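To illustrate the local-keys model described above, here is an added example (not Parsec’s own code) using Go’s standard-library AES-256-GCM: the record is encrypted on the workstation with a key that never leaves it, the packet that goes out is opaque, and any modification in transit is rejected on arrival. The key generation, the sample record and the packet layout (nonce followed by ciphertext and tag) are this example’s own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(localKey []byte) (cipher.AEAD, error) { // AES-256-GCM from a key kept only on the device
	block, err := aes.NewCipher(localKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRecord encrypts a record locally; the packet nonce||ciphertext||tag is all that leaves the workstation.
func SealRecord(localKey, record []byte) ([]byte, error) {
	gcm, err := newGCM(localKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, record, nil), nil // ciphertext and tag are appended after the nonce
}

// OpenRecord decrypts on a device holding the same local key; any in-transit change fails authentication.
func OpenRecord(localKey, pkt []byte) ([]byte, error) {
	gcm, err := newGCM(localKey)
	if err != nil {
		return nil, err
	}
	if len(pkt) < gcm.NonceSize() {
		return nil, fmt.Errorf("packet too short: %d bytes", len(pkt))
	}
	return gcm.Open(nil, pkt[:gcm.NonceSize()], pkt[gcm.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32) // constructed: 256-bit key generated on the device, never transmitted
	rand.Read(key)
	pkt, _ := SealRecord(key, []byte(`{"patient":"DUPONT Jean","note":"sample"}`)) // constructed record
	pkt[len(pkt)-1] ^= 1 // a third party flips one bit in transit
	_, err := OpenRecord(key, pkt)
	fmt.Printf("packet leaving the terminal: %x\ntampered packet rejected: %v\n", pkt, err != nil)
}
```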
Watch our webinar on the subject:
