Today, on the 30th of November, we celebrate International Computer Security Day, so let's take a look at what this means and how we at CGM approach cybersecurity.
According to Kaspersky, "Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security". But what does this mean for CGM and the healthcare industry in general?
Technology is more and more present in our daily lives, and the same is true of modern medicine, especially in the context of the Covid-19 pandemic. There is now a growing need for telehealth, electronic patient/health records, and hospital management-related applications. As hospitals become more and more crowded, patients are transferred from one hospital to another.
The need for having patient data up to date and easy to access is becoming critical and can make a difference between life and death.
Along with the benefits of using telehealth technologies, there are also risks associated with them. These systems can contain vulnerabilities that can be exploited by various threat actors, such as malicious hackers seeking to profit from harvesting highly sensitive data. Most importantly, attackers can even put patients' lives in danger by altering medical records or by making systems unavailable. If you follow the news, you can see, for example, that last month the FBI issued warnings related to attacks on medical systems and that, in Germany, a patient died after a ransomware attack that paralyzed the hospital system.
Here at CGM, we strive to find a balance between the speed of innovation and a high level of security, ensuring that our software solutions comply with industry standards and regulations like:
In order for our solutions to comply with these regulations and guidelines, we are always working to improve the way we develop applications, moving from the traditional application development lifecycle to an SDLC (secure software development lifecycle), which means developing software with security in mind at every step of the development process.
Completing the development stage doesn't mean that the security work is finished; it is only the beginning. We have dedicated teams in place that monitor the health of the environments where the applications are hosted, closely watching for signs of attacks and for hardening measures that can mitigate potential attacks or threats. Even so, this is not enough. To improve our security posture, we first have to understand how real attackers think, so we can act to fix potential breaches before attackers can exploit them. To address this, our systems are regularly tested by our internal penetration testing team (a team of ethical hackers who aim to simulate real-world attacks and try to identify all vulnerabilities by using the same techniques and tools that real attackers use), complemented by external penetration tests.
As you can see, "cybersecurity" is a never-ending battle between attackers and defenders, who must strive to deliver software while also maintaining a balance between functionality, usability, and security.
Security remains one of the most difficult challenges because attacks are more and more sophisticated and require substantial effort from companies to stay on guard and protect their clients.
Remember! In these times, stay safe on all fronts: physically, mentally, and digitally!