*By Igor Valoto
In recent months, cyber attacks have intensified around the world and cybersecurity has become a recurring topic among institutional leaders. According to the American consultancy Frost & Sullivan , there was a worldwide growth of 715% in attempted attacks between June 2019 and June 2020. The healthcare sector was one of the most affected, as revealed by a survey carried out by Check Point Research , which highlights that in Brazil alone, there was an increase of 66% in cyberattacks between November and December 2020.
Health institutions, whether operators, exam laboratories or hospitals, contain numerous personal data of their patients considered “sensitive data”, that is, information that can cause embarrassment or discrimination to a person. With the pandemic and the changes caused by it, many technological weaknesses of Brazilian health organizations came to the fore, making it a full plate for cyber criminals to attack what should be the most protected data in the entire system.
How to protect yourself from cyber attacks?
When the health institution's systems are attacked, what is called unavailability occurs, that is, the organization is totally or partially unavailable until it is able to resolve the situation. This unavailability can hinder both the doctor, who depends on the system to record their actions, and the patient, from registering at reception, to carrying out and withdrawing exams.
Therefore, it is much more advantageous to at least try not to get to the point of suffering a cyber attack, through investments in cybersecurity . The effective practice of virtual security provides much better chances of preventing an organization from suffering some kind of cyber attack.
The benefits and challenges of cybersecurity
Cybersecurity offers a number of advantages to healthcare institutions. One of them is confidentiality, which ensures that sensitive data is stored and that patients have their privacy protected. Another benefit is integrity, which keeps information safe from alteration by those who do not have permission to access the system. There is also availability, which ensures that all services are available to doctors, nurses, patients and everyone who depends on the healthcare system.
It is necessary to remember that natural disasters can arise at any time, that is, cyber attacks can occur when least expected. In this way, institutions must be fully prepared and equipped to face and block them in an agile way. Therefore, virtual security must be implemented in any technology project, and must be seen as a practice and not a concept.
Currently, cybersecurity still has the support of LGPD (General Law for the Protection of Personal Data), responsible for protecting citizens' data privacy rights and implying feelings for companies in the event of data leakage. In addition, American health organizations, for example, have a law that defines a set of rules to be followed in order to preserve data. The regulation is called HIPAA (Health Insurance Portability and Responsibility Law) and, despite not being valid on Brazilian soil, many institutions apply its rules with the purpose of building a more mature environment.
Taking this into account, health institutions must increasingly invest in data security awareness and culture programs, software providers that have solutions, and professionals specializing in cybersecurity and new technologies. By following these guidelines, cyber attacks on the healthcare sector can be mitigated and sensitive data will, in fact, be protected.
*Igor Valoto is a Cyber Security Specialist at SoftwareONE, a leading global provider of end-to-end solutions for software and cloud technology.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
EN 
PT 
