× Government Healthcare Islamic Finance Oil And Gas Real Estate Technology Telecom Tourism

Health facilities in Bahrain ‘must abide by strict cybersecurity rules’

July 12, 2022
healthcare

Bahrain - Healthcare facilities in the kingdom will have to abide by strict established cybersecurity standards to get accreditation from the National Health Regulatory Authority (NHRA), its chief executive confirmed.

The NHRA’s determination to maintain best practice was outlined following a workshop it hosted, in collaboration with the National Cyber Security Centre, which discussed an initial draft of a cybersecurity controls document for Bahrain’s health sector.

NHRA chief executive Dr Maryam Al Jalahma pledged that the authority would continue its close collaboration with the centre, a move supported by the private healthcare sector as well.

“The session was very useful – it was a collaborative forum in association with the National Cyber Security Centre,” Dr Al Jalahma told the GDN.

“The initiative aims to help protect health information systems in the private sector and, in turn, to secure patient data from being hacked.

“Cybersecurity experts involved in the health sector, from renowned consultants, conducted training sessions. They highlighted, to the relevant staff, the standards required to be implemented in each hospital to protect such important and sensitive data.”

Cybersecurity threats can hinder a healthcare facility’s ability to provide necessary patient care, with threats varying from both internal and external sources. Globally, six common types of security breaches have been spotted in healthcare – phishing, malware, ransomware, theft of patient data, insider threats and hacked devices.

“The sensitivity of patient data and dangers of it being hacked or leaked were highlighted by the consultants,” added Dr Al Jalahma. “Confidential patient reports could be at risk if a system is not fully protected against cyber threats.

“All hospitals are committed to the cause and we at the NHRA will include cybersecurity standards as part of our overall accreditation formalities.”

National Cyber Security Centre chief executive Shaikh Salman bin Mohammed Al Khalifa opened the workshop in the presence of the centre’s Operations vice president Shaikh Abdulla bin Muhammad Al Khalifa, Dr Al Jalahma, chief executives of private hospitals and top government officials from the health sector, alongside IT experts.

“The efforts of the centre are to strengthen capabilities and to provide the necessary capabilities to monitor and address threats and risks, and thus ensure a safe environment in the kingdom’s cyberspace in line with the nation’s Economic Vision Bahrain 2030,” said Shaikh Salman.

“The centre, through this workshop, seeks to discuss security controls of the health sector with government and private health institutions in Bahrain to match best international practices.

Threats

“Such workshops are important to ensure that protection systems are in line with the latest developments in the field and they also help address any challenges.

“Providing a safe cyber environment for the health sector is one of the main factors in achieving the strategic objectives of the kingdom.

“The aim is to increase safety within the medical sector and to strengthen the current mechanism within hospitals. The goal is to discuss the criteria necessary to improve security and to put together an action plan to implement in medical establishments.”

A cybersecurity controls document for Bahrain’s health sector, discussed at the workshop, includes the necessary requirements to enable hospitals and health institutions to protect their systems, networks and applications and enhance their abilities to stay secure.

National Centre’s Cyber Security Policies director Yousif Mohammed underlined the risks involved when data in the health sector is potentially lost.

“Considering that many medical records, personal records and medical equipment are now being intertwined within the cyber network puts them under heavy risk,” he said. “It is a priority to take care of the medical sector and put criteria and standards in place that will continue to increase cybersecurity within medical establishments.”

Hospitals house thousands of patient records, making them prime targets for hackers and extortionists and making healthcare cybersecurity an important area of concern for hospital leaders.

Cyberattacks come in many forms, from ransomware to theft of personal information. The impact of an attack can vary depending on the size of the facility.

Cybercriminals have been hacking into hospital computer systems for decades to steal medical records and other personal information to sell on the dark web.

Attackers are going after two primary objectives: disruption and data, according to US-based Chief Healthcare Executive.

“First, attackers are looking to disrupt healthcare operations. Healthcare providers aren’t like other businesses that can take their time if a system is compromised. If a hospital can’t access its records or its ability to serve patients is compromised, that’s a giant problem,” it reported.

“While many attackers are chiefly concerned with disrupting services, some are going after the data in healthcare systems. In some breaches, attackers have taken the data first, and then deployed the ransomware into the organisation. In such cases, attackers tell the healthcare organisation to pay a ransom and they can get the data back, and if they don’t pay, they’ll detonate the ransomware and lock up their computer systems.”

zawya