SA Hospital Cybersecurity Upgrades Needed for the Vaccine Roll Out

16 Feb

All eyes are on the South African health department as the new COVID-19 vaccine begins to roll out. While slow to get the vaccine approved and distributed, the government seems to have wasted no time in developing the Electronic Vaccine Data System (EVDS). As a result of this, the country needs to be questioning if cybersecurity has been taken into consideration during the design and implementation.

what is the evds system?

The EVDS is a self-registration online system that will store the personal health information of registered users. The objective of the system is to digitise health information that will help both individuals and public health workers track vaccine information.

Once registered, users will be advised when they can get their vaccine and the system will keep an updated record of when, where and what type of vaccine they received.

what’s the risk?

While the convenience of the EVDS is evident, it should be noted that it also creates a major cybersecurity risk. If the hosted data is not properly protected and encrypted the system could be vulnerable to being hacked.

Many hospitals across South Africa are not properly geared to a digitalised environment and have little to no experience with cybersecurity protocols. All hands need to be on deck during COVID-19. This means that some staff members who have no experience with working in the digital world may find themselves a click away from a security breach. They may not protect their passwords, sign out of the system, or be unaware that clicking on an unknown email link is risky.

There have been extensive talks about introducing IoT to South African hospitals recently. But, with up to 15 electronic devices linked to each patient bed, and awareness of cybersecurity being so low at this point, it seems like just an added risk to the hospital environment. One must also consider when last these devices received security updates or even IT security patient care!

are hospital cybersecurity upgrades the solution?

At the outset, training healthcare staff members on how to access the system safely and securely is paramount. In addition to this, time and attention must go into training staff on the risks involved and how to use the system correctly. Online behaviour needs to adopt a more cautious approach, which is something that can be taught.

Hospitals will also have to check that their networks have up to date security measures in place and that they set user limitations, ensuring that certain data is protected and only accessed by a select few.

At the same time, hospitals are being encouraged to do secure encrypted data backups so that no sensitive data is stored on site. This could be one of the biggest steps that hospitals could (and should) make in terms of new security measures his year.

in conclusion

While the EVDS was launched by the National Health Department, it is the hospitals that will need to ensure that they are prepared and ready to protect the integrity and security of the personal data that is in their possession. The big question is how quickly they will be able to react in the event of any form of data breach or cyber incident?

Comments are closed.