Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

The Security of Hospitals in Question 2

June 2024 by Patrick Houyoux LL.M. ULB, Brussels, Trinity College, Cambridge, UK. President – Director PT SYDECO

On May 29, I published an article titled "The Security of Hospitals in Question"1. In it, I described the hospital as a supply chain, an integrated system that brings together various stakeholders of an economic activity, from producer to consumer.

I noted that hospitals use various interconnected IT systems such as electronic medical records (EMRs), laboratory management systems, prescription systems, and medical imaging management systems (PACS). These systems collaborate with numerous partners and suppliers, facilitating the circulation of sensitive data between different actors.

A Multidimensional Approach to Security

To protect hospitals against cyber threats, I recommended adopting a multidimensional approach that includes technical, organizational, and awareness measures.

Segmentation and Specific APIs

I advocated for network segmentation, with each department having its own API (Application Programming Interface) protected by a next-generation firewall like ARCHANGEL© 2.0 from PT SYDECO. This firewall can detect and prevent intrusions and block suspicious activities. This segmentation allows isolation and limits access to specific data and functions of each department, thereby reducing the attack surface and facilitating vulnerability management.

Advanced Technical Solutions

I presented the Integrated Protection System from PT SYDECO as a solution. It includes the next-generation firewall ARCHANGEL© 2.0, which deeply defends the network, protects against SQL injections, DDoS attacks, and detects and blocks any suspicious movement within the internal network. It also includes a VPN Server, offering maximum protection by securing data traffic both inside and outside the network. Thanks to SydeCloud©, a secure file sharing and online backup solution, it allows secure access to files.

Conclusion

I concluded by saying that cyberattacks on hospitals are not inevitable. By adopting robust security measures and using integrated solutions like those proposed by PT SYDECO, hospitals can effectively protect themselves, thus ensuring the security of data and care for the well-being of their patients.

Recent Attack

A few days ago, a ransomware attack struck Synnovis, a provider of pathology services to hospitals in England. As a result of this attack, more than 200 "vital" operations scheduled within 24 hours were cancelled by NHS hospitals in London (Guy’s and St Thomas’ Foundation Trust (GSTT) and the King’s College University Hospital NHS Foundation Trust)2.

Synnovis, the main provider of pathology platforms for general practitioners in six London boroughs (Bromley, Southwark, Lambeth, Bexley, Greenwich, and Lewisham), conducts tens of thousands of tests per day but is unable to do so due to inaccessibility to its systems. It is feared that the impact may also extend beyond London, as Synnovis provides some services to other hospitals.

Conclusions

This attack confirms that cyberattacks on hospitals are not inevitable. If Synnovis had segmented its network and created an API for each client hospital, the risk would have been confined to a single segment, limiting the impact on its overall operations.

It is crucial that both hospitals and their service providers scrupulously follow security advice and that hospitals demand the same level of security from their service providers as they implement themselves. Cyberattacks on hospitals are truly not inevitable.


1. https://www.linkedin.com/feed/update/urn:li:activity:7202205531925585920,

https://sydeconewsblog.blogspot.com/2024/05/security-in-question-in-recent-article.html

https://www.globalsecuritymag.fr/hospital-security-in-question.html

2. https://www.independent.co.uk/news/health/nhs-cyberattack-hospitals-operations-cancelled-cancer-b2559751.html


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts