The stark vulnerabilities within health systems and the potential impact on the safe delivery of care have been exposed during the COVID-19 outbreak.

Cybercriminals have exploited the confusion and fear to launch a wave of cyberattacks against healthcare organisations, including the World Health Organization (WHO) and the US Centers for Disease Control and Prevention (CDC). Despite this, the healthcare sector remains one of the worst adopters of cybersecurity frameworks.

This is the context for a forthcoming research report by the Leading Health Systems Network (LHSN), an initiative of the World Innovation Summit for Health (WISH), in partnership with Imperial College London, looking into the current state of cybersecurity in healthcare settings worldwide. The findings and recommendations will be released during the WISH 2020 biennial conference set to take place in a virtual format on 15 to 19 November, and free to attend this year.

Cybersecurity Threats

Back in 2017, the National Health Service (NHS) in the UK was subject to a ransomware attack. But during COVID-19, the main threats to cybersecurity have resulted from staff being moved to help with emergencies, leading to increased risk in maintaining adequate control of IT systems, accidental errors, stretched health systems, and the rapid introduction of new digital solutions that bring inherent risks, such as design flaws jeopardising the security of the data they hold.

Alert to the growing challenge, LHSN, an international group of health systems and providers hosted at the Institute of Global Health Innovation (IGHI) at Imperial College London, with the support of WISH, questioned key experts in the areas of IT, cybersecurity, health policy, and health systems about their experiences and organisational efforts related to cybersecurity.

They also consulted experts from a range of health systems to provide input on the most relevant elements of a global framework for cyber readiness in healthcare. The result is the Essentials of Cybersecurity in Healthcare Organization or ECHO framework, proposed in the report as a minimum standard, depending on an organisation’s resources and cyber ‘maturity’.

The ECHO framework includes the most important elements of a global cybersecurity framework for healthcare and outlines the six primary dimensions to consider when scaling up cybersecurity in a healthcare organisation.

WISH CybersecurityLeading the report and the research process was Dr Saira Ghafur, Digital Health Lead at IGHI and an honorary consultant in respiratory medicine at St Mary’s Hospital and a team of authors comprising Policy Fellow in Global Health Niki O’Brien, Cyber Security Fellow Dr Emilia Grass and NIHR Clinical Lecturer Guy Martin.

Their report makes it clear that, while digital solutions have the potential to revolutionise healthcare and improve the health of people around the globe, it is essential that healthcare professionals work to mitigate the accompanying risk of cyber threats to protect patient populations. What COVID-19 has shown is that cybersecurity needs to be a fundamental and consistent consideration, and that protective mitigation strategies need to be in place.

WISH 2020 will extend over five days this year. Healthcare experts, policymakers, innovators, frontline workers, and members of the public from across the globe will gather on an interactive virtual platform to collaborate toward achieving the goal of building a healthier world under the theme ‘One World Our Health’.

WISH is a global health initiative of Qatar Foundation. Click HERE to register to attend the virtual WISH 2020.