Kenya Cyber Security Report 2015
Cyber Security Perspective from the
Healthcare Services Sector
Collins Ng’eno | Chief Information Officer, Nairobi Hospital
T
he past decade has seen an
of the card, medical data is static and even
increased growth in application
if the breach was discovered there would
of ICT in Kenya by healthcare
be no way of invalidating the information.
providers such as hospitals, specialist
clinics and medical insurance providers.
In January 2015, the Government of Kenya
announced a partnership with a leading
electronically in the country. Cybersecurity
will therefore no longer be an option or
While there are tremendous benefits in
multinational as a key technology partner
terms of care delivery and organisational
for a wide-scale radiology infrastructure
efficiency from the expanded use of
modernization program. This program
networked technology; adoption of
is aimed at transforming 98 hospitals
technologies such as connected medical
across Kenya’s 47 counties through a
devices, cloud networks and personal
comprehensive, wing-to-wing solution
health devices has introduced new
package that will see modern radiology
vulnerabilities.
equipment available in public hospitals
Healthcare organisations can no longer
across the country.
ignore the risk of cyber-attacks which has
Unlike industries such as finance, which
an after thought, but a critical strategic
agenda that the healthcare providers
in the public and private sectors should
incorporate in their existing governance,
risk management and business continuity
frameworks.
largely been associated with financial
have already been transformed by
The biggest challenge that this and
technology, many organisations in the
other similar programs face is availability
healthcare industry have not invested
of qualified radiologists to read and
sufficiently in robust ICT security measures
interpret the images on site due to the
that can protect health data, interfaces,
shortage of specialist doctors in the
repositories, databases, connected medical
country. It’s against this backdrop that
devices or personal devices.
we have seen the birth of tele-radiology
With no immediate answers in sight for
services in Kenya, where medical images
organisations’ tight security budgets
are transmitted over the internet to a
and the limited ICT security talent pool,
radiologist for purposes of reporting.
managed security providers would
The emergence of electronic health
records (EHR), mobile applications and
online portals has made it easier for
institutions in the past. We are likely
to see an increase in the frequency of
attacks in the future and the financial and
legal consequences will become more
damaging.
offer an ideal partnership for many
patients and providers to access and
The process is completely web based.
share information. EHRs contain massive
Once a radiographer (technician) in the
amounts of personally identifiable
hospital or clinic performs an examination,
information which makes it very attractive
the information is sent via a secure
to cyber criminals. It is estimated that
network to a team of radiologists who
globally stolen medical information costs
interpret the examination and the
Managed solutions deliver many benefits
up to 10 times more than credit card
report is sent back to the hospital.
ideally suited for healthcare security
information in the black market, because
unlike credit card information whose
usefulness is limited to the validity period
The above development will definitely
increase the amount of medical
information held or transmitted
organisation. Such partnerships will help
address existing security gaps and provide
customized solutions aligned to the
organisations’ business strategy.
concerns and deserve a closer look from
any healthcare provider ready to address
the challenges that lie ahead.
30