ขนาด A5 แนวนอน, 4 สี, 2 หน้า

Size A5 landscape, 4 colors, 2 pages

What can the healthcare sector do?<br>Cybersecurity can never be 100% effective, and the threat to healthcare is an unavoidable new reality. But individuals and organisations can take practical steps to protect themselves and to reduce the effects of an attack.<br>An ultimate aim of cybersecurity should be to strengthen resilience. Resilient organisations are less likely to have their security breached and suffer less harm when breaches do occur. A simple approach to improving resilience is by maintaining secure and up-to-date backups so that an attack will not result in the permanent loss of data. In the case of a cyberattack on Papworth Hospital in 2016, a ransomware infection fortuitously happened just after the daily backup, so no data were lost.25 More generally, good cybersecurity should be incorporated into the design of new IT projects from the outset and should be inherent in all healthcare systems. Security that is bolted on, or worse still, thought about only after a major incident is often more expensive and less effective.<br>Another mechanism for enhancing resilience is insurance—a rapidly growing business with global sales of $2.75bn in 2015.26 MJ 2017;358:j3179 doi: 10.1136/bmj.j3179 (Published 2017 July 06)<br>Page 3 of 4<br> The rising costs might cause insurance companies to tread with caution in future, but the right insurance regime can drive improvements by providing financial incentives for organisations to take better care of themselves. Healthcare providers need to find cost effective ways to protect themselves against the potentially crippling costs of cyberattacks, in much the same way as they do with the costs of clinical negligence. Cybersecurity can be further bolstered by national support for incident management, organisational preparedness, and threat advice. The mechanisms for providing such support are beginning to emerge—for example, the CareCERT initiative<br>the UK.27

Horizontal size A5, color, page<br>