THE digitalization of health care systems has always been viewed as an effective method to improve medical quality as well as patient safety, yet health care systems are now at risk due to the growing preponderance of IoMT (Internet of Medical Things) devices, telehealth and cloud adoption. Asia has been a hotspot for cybercrimes — experiencing attacks at 1.6 to 1.7 times higher than the world average. Ranking second globally, over 76 percent of medical devices in the Philippines are infected with malicious code in devices used in health care facilities across the country, including servers, computers, tablets, gadgets and hospital machines, which are connected to the internet.

In conversation with the Manila Times, Fabrice Bartolucci, regional general manager of Southeast Asia & Hong Kong at Exclusive Networks, shares his thoughts on the vulnerabilities of SEA's health care systems, how hackers breach databases, and how the health care industry could protect itself with professional cybersecurity solutions for health care systems.

The Manila Times (TMT): What are the vulnerabilities of SEA's health care systems and those of the Philippines? Is there anything unique about the vulnerabilities in the Philippines?

Fabrice Bartolucci: With fast-growing populations, many Southeast Asian countries face limited financial resources for health care, leading to inadequate digital infrastructure and a lack of access to health care services for their citizens. With the financial constraints to obtain good information systems, the vulnerabilities of health care cybersecurity systems in the Philippines include a lack of security protocols, inadequate data protection measures, weak passwords, unencrypted data and the potential for malicious attacks. Additionally, the lack of resources and training for health care cybersecurity staff could lead to an increased risk of data breaches and malware infections.

Many of these vulnerabilities have been present for years in the Philippines. In particular, the lack of health information systems and the increased need for health care services following natural disasters are both more recent trends in the Philippines.

TMT: What methods do hackers use to breach databases? Why are health care systems the target of hackers? What are the benefits to hackers?

Bartolucci: Health care systems could be attractive targets for hackers because they often contain sensitive personal and financial information. Health care systems also typically have less secure networks and systems than other industries, making them vulnerable to attack. Health care organizations may be more likely to pay a ransom to retrieve lost data, making them a lucrative target for hackers.

In terms of benefits from attacking health care systems, the financial gain for a motivated hacker could be extremely high. Their access to sensitive patient data could be sold on the dark web for a profit, or alternatively, they could also use ransomware to extort money from health care organizations. Hackers could also steal financial information from patients and insurance companies, or they could use health care systems to gain access to other networks and systems to launch future attacks.

TMT: What should health care professionals look out for in case their health care systems are being compromised?

Bartolucci: Health care professionals should watch out for any sudden changes to the performance of their health care system, such as slower response times or increased instances of error messages. They should also pay attention to any unusual network activity, such as sudden and unexpected spikes in traffic, or network connections to unfamiliar sources. In addition, they should look out for any malicious emails, websites, or files that could contain malicious code. Lastly, they should monitor user accounts for any unauthorized access, such as logins from unfamiliar IP addresses or accounts with suspicious activity.

TMT: How can the health care industry protect itself from these threats?

Bartolucci: Health care organizations should implement rigorous security measures such as multi-factor authentication and encryption of data. This is essential in order to protect patient data from unauthorized access, accidental or intentional misuse, and malicious attacks. Implementing comprehensive security measures also helps to ensure that health care organizations remain compliant with relevant global regulations and standards.

Health care organizations should ensure that all personnel are educated on the potential risks associated with IoMTs as well as the steps they could take to protect patient data. While educating and training staff could be a costly exercise, it would help health care organizations to prevent human errors that could result in data breaches or other security incidents. Also, investing in the cybersecurity education of personnel would go a long way in preventing a malicious breach that could lead to more detrimental financial outcomes.

TMT: What are some professional cybersecurity solutions that could improve the security of health care systems?

Bartolucci: Beyond the ability to protect against known and unknown threats, health care institutions should select the most appropriate cybersecurity solution that caters to health care institutions such as Palo Alto Networks' Medical IoT Security, Claroty Medigate, and Fortinet Healthcare Cybersecurity solution. Once cybersecurity technology and protocols have been upgraded, the biggest vulnerability becomes the humans in the loop. Regardless of whether you're using top-notch security solutions, mandated regular training must be implemented with ongoing and constant testing of understanding for all staff.

Exclusive Networks (EXN) is a global cybersecurity specialist that provides partners and end-customers with a wide range of services and product portfolios via proven routes to market. Fabrice Bartolucci is the regional general manager of Southeast Asia and Hong Kong at Exclusive Networks whose expertise in business development helps drive business growth and build relationships.