What would happen if medical records were altered? If someone hacked into the computer system and changed B- to A+? Have you ever considered that? You probably are right now.
Cyber Security is the latest in a long list of buzzwords that government and private organizations are using. But the history of cyber security is more extensive than you may think. In 2004, the National Cyber Security Division (NCSD), which falls within the Department of Homeland Security, partnered with the National Cyber Security Alliance (NCSA) to present National Cyber Security Awareness Month.
Held during the month of October, its goal is to raise awareness among all people, businesses and organizations of the importance of cyber security. We spoke with an expert in the field, Alexandra Panaretos, a member of the Ernst & Young InfoSec Policy & Awareness, Policy Certification & Compliance team.
How does cybersecurity tie into emergency and disaster preparedness?
“Cybersecurity should be a primary focus of emergency and disaster preparedness,” Panaretos said. “Most people imagine emergencies and disasters will involve significant human injury and loss. While that is true, cyber-attacks may cause a significant injury and loss of human life as well. Most, if not all, equipment in hospitals have a cyber component. They are inter-connected devices.”
Several things could be corrupted or disrupted if a network is compromised. In a hospital, for example, that list could include:
- Oxygen monitors
- Neonatal intensive care devices
- Anesthesia monitors
- Medical records
Most of the physical security in and around a medical facility is controlled by an electronic scanner. Losing power would affect more than the lights in this situation. “Every single detail of an emergency plan is impacted by cybersecurity. From the first responders conveying the situation over their radios, geographical information for emergency vehicles en route to the scene, to paramedic equipment en route to the hospital,” Panaretos explained.
Check your level of cybersecurity.
While there is no easy way to ensure your cyber security, there are some things you can do. Panaretos recommends that your list of questions include these:
- Do you have reliable backups for your data? Are they being checked frequently?
- Do you have information security policies in place?
- Do you have data protection policies? Are they current? Do your employees know what they are or where to find them?
- Are your security teams thinking about cyber components?
- Do your physical security teams work with your information security, data protection, and risk management teams to develop plans and procedures? Do your employees know how to report an incident?
Learn from past mistakes.
Learning from past mistakes is the main reason emergency management exists. Extend that to your cybersecurity. Panaretos cautions organizations not to forget the human factor. “As an organization, you may invest millions of dollars in your equipment, software, etc., but at the end of the day, all it takes is one person, to click one time, to cause a cybersecurity incident or allow an adversary onto your network.”
Humans are the biggest threat and largest liability to any organization, she says, and training them is crucial. Everyone who comes into contact with your organization should receive cyber training, as being aware of their surroundings is the first line of defense. Panaretos reminds organizations, “Cybersecurity encompasses an ever-changing landscape in which the threats change almost hourly. Being prepared and having frequent discussions of current threats and remediation plans for your organization may be the greatest defense an organization may have.”