Cyber-security needs more than rules

  • March 10, 2017

Africa’s eHealth’s not strong on cyber-security rules and regulations. They’re essential, but a survey of ICT security experts in the US by Level 3 Communications says they’re not enough. The results, available from Health IT Security are that:

  1. 96% feel vulnerable to a data breach
  2. 63% have suffered one
  3. 69% say meeting compliance requirements is very or extremely effective in safeguarding sensitive data.

In the US, eHealth security and privacy rules are set out in the Health Insurance Portability and Accountability Act 1996 (HIPAA). It established national security standards for eHealth. They are a vital component to protect confidential information from unauthorised access. Level 3 says that since the act, cyber-threats and the cyber-security landscape has evolved rapidly, but healthcare can’t keep up. Cyber-security has become more essential to protect data and healthcare availability and continuity.

Three emerging cyber-security themes have become healthcare’s biggest cyber-security threats:

  1. Vulnerable connected devices the cyber-criminals can access to plant malware
  2. Distributed Denial-of-Service (DDoS) attacks that render computers or networks unavailable
  3. Phishing, accounting for more than 36% of cyber-security breaches.

Four lessons for Africa’s eHealth are clear. First, ensure effective cyber security standards, rules and regulations. Next, keep them up to date to match the expanding cyber-crime initiatives. Third, ensure compliance. And finally constantly strive to go beyond compliance with effective excellent cyber-security practices.