Patient Informatics

15. Security and cyber considerations

In organisations with developed I.T. infrastructure, an increased alert should be maintained for cyberattacks, in particular the deployment of Ransomware or similar malicious applications. Although most organised groups of malware vendors have indicated publicly that they will not knowingly attack healthcare targets at this time, the current timing would be perfect to most likely extract cash payments to remove any disruption to services that occurred.

Good cyber security should include the use of latest supported software on all Radiology PCs and equipment (including CT scanners, DDR mobiles and ultrasound machines etc.) which is up to date with all high priority and security updates performed ideally within seven days of release. Password security for all user accounts should be increased, particularly for higher level administrative or server accounts all default passwords disabled.

An agreed process to assign users, recording the approver, permissions level if applicable, due date for review or revocation should be in place or agreed early on, with the ability for enforced changes to users passwords if a compromise is detected. The use of administrator accounts when working normally should be avoided. Unsupported software and all unneeded software should be uninstalled, with functions such as autoplay and autorun disabled to reduce risks.