Fuller Yu, Chief Information Security Officer (CISO), Hong Kong Hospital Authority
Leon Chang, Head, Cyber Defence Group, Integrated Health Information Systems (IHiS)
Carlos Arglebe, Corporate Cybersecurity Officer, SVP, Siemens Healthineers (moderator)
Gagandeep Singh, Vice President & Group CISO, IHH Healthcare Berhad (moderator)
The COVID-19 pandemic made hospitals more vulnerable to cyberattacks as hackers preyed on the overwhelmed systems. It is timely, for hospitals to be more prepared in protecting patient and organisation data. The most recommended approach is to evaluate factors, such as what we’re trying to secure, the value proposition, risks, financial models, and build the hospitals’ detection and response capabilities around them.
Hospitals need to understand, as technology is more widely deployed in healthcare, digitalisation and cybersecurity go together. Higher usage of technology and more complicated devices all require stronger cyber defences.
Moreover, we have to acknowledge that cybersecurity is a journey. It goes on for long-term; hence, there should be no question on whether it has investment value. Building cyber resilience complements business resilience, and this is what hospitals have to address when faced with the dilemma regarding the resources required to build cyber capabilities. Hospitals may start with the resources they already have and try to maximise on them.
Most importantly, collaboration and communication are the keys to cybersecurity. Hospitals sometimes forget people are the weakest links. We may have the most advanced technology to protect us from attacks, but if hospital staff are poorly trained or have poor awareness of cybersecurity, there will still be cyber-casulties.
What hospitals need to do, therefore, is to make sure everyone in the organisation has a proper understanding of cybersecurity risks and avoid compromises on data privacy.
- No one is immune to cyberattacks.
- Cybersecurity should be integrated from the design level.
- Digitalisation and cybersecurity go hand in hand.
- Organisations need to protect staff as digital citizens.
- Hospitals need to look at cybersecurity as a journey.
- Cyber resilience equates to business resilience.