Hospitals hold critical and valuable information such as patient data and financial information, as well as cutting-edge research and innovation. In recent years, they have become the number one target of cyberattacks, perceived as a compliant target due to the life-and-death stakes of a hospital losing operational efficiency. On 9 May 2023, the IHF’s Association Leaders Circle organized a virtual session on ‘protecting hospitals from cyber threats’ to discuss past instances and how to respond to future events.  

Here are four takeaways from the session:  

The need to collaborate

In an interconnected world, we are all subject to the same level of threats and potential cyberattackers. The internet expands beyond borders and so do cyber threats. By exchanging information and best practices, hospitals can strengthen their systems and present a united front. 

Abiding by best practices

Regulations may change from one location to the other, but following guidelines on reporting an attack, and how to respond during it, can ensure that hospitals have a stronger prevention and mitigation mechanism for the future (for example, the importance of not paying ransom).

Training and staff preparedness

A key takeaway from hospitals that managed to recover from a cyberattack is the role staff plays in responding in the immediate instance. And, for weeks to come. By providing support and resources to staff, hospitals can ensure that they are equipped at responding to these emergencies. Additionally, including cyberattacks in emergency preparedness training can also help to minimize the fallout.

Understanding ‘offline mode’

When a hospital loses access to its online systems, it needs to rely on alternative modes to function until all systems can be recovered. Understanding which systems need to be diverted to other health centres, and which can continue to be used with adjustments is key to addressing a cyberattack. A simple mitigating strategy can include maintaining some critical records on physical hard copy.

To learn more about addressing cyberthreats for your hospital, join us at the 46th World Hospital Congress in October 2023, where John Riggi, AHA National Advisor for Cybersecurity and Risk, will be chairing a session. 

For more background and tips about managing cyber threats, listen to the recording ‘Cybersecurity in healthcare: How can you protect your organizational reputation?’’ presented by the IHF Special Interest Group on Big Data.