Microsoft Hong Kong and HKCERT Launch the City’s First Healthcare Cyber Security Watch Programme

Bringing a New Level of Cyber Protection to Hong Kong’s Healthcare Institutions and Patients with Global Cyber Threat Intelligence

December 10, 2019, Hong Kong –– Aiming to provide better protection to Hong Kong’s patients’ data and the public and private healthcare system, Microsoft Hong Kong and the Hong Kong Computer Emergency Response Team Coordination Centre (“HKCERT”) of the Hong Kong Productivity Council (“HKPC”) today jointly launched the city’s first Healthcare Cyber Security Watch Programme.

As the healthcare industry embraces digital transformation – from eHealth, big data enabled diagnosis, to Internet of Medical Things (IoMT) where connected wearables improve patient care and convenience – technology allows the healthcare industry to attain higher efficiency, smarter diagnosis and improved patient experience. Cyber security has also become more critical than ever.

With participation of 11 members including the Hospital Authority and most of Hong Kong’s private hospitals at its pilot stage since March 2019, the Programme leverages global cyber threat intelligence to help Hong Kong healthcare sector to stay aware of cyber threats and better mitigate cyber security risks. Following the success of the pilot stage, the Programme is now open for eligible healthcare institutions by invitation in Hong Kong such as clinics and medical laboratories to join at no cost.

Healthcare institutions joining the 12-month Programme will receive cyber threat reports from HKCERT and Microsoft Hong Kong indicating cyber security health level of the organisation. The report will include situational awareness of emerging cyber attacks and information of any compromised network. Regular complimentary sessions will also be provided for healthcare institutions on general cyber security updates.

“With the healthcare sector in Hong Kong currently undergoing digitalisation as part of the Smart City development, cyber security is of critical importance in any smart initiatives to improve the quality and efficiency of local medical services,” said, Edmond Lai, Chief Digital Officer of HKPC. “Through the IP address matching service of the Programme, medical institutions in Hong Kong will be able to identify those compromised computers and devices quickly and implement security measures to stop spread of attacks, ridding themselves of the unwanted tag of ‘cyber attack accomplices’.”

“Healthcare is probably one of the sectors that has the highest stakes when it comes to cyber security. Often it is not a question of if but when a cyber attack will happen,” said Winnie Yeung, Chief Legal Director of Microsoft Hong Kong. “With medical organisations running the risk of life-threatening disruptions and the sensitive nature of the data these organisations store, it is imperative to understand the threats the sector is facing and counsel the institutions on potential steps they can take to protect themselves, and most importantly, their patients’ data.”

Microsoft also shared five tips to help healthcare organizations elevate their cyber security protection:

1. Take an “Assume Breach” approach
   • An “Assume Breach” strategy assumes all users, devices, apps and networks are all risky. Providing next-generation access controls with machine learning and threat intelligence allow companies to create very specific rules that assess the risk of each access request. Taking this approach with conditional access helps companies to establish the strongest possible security posture.
2. Go password-less
   • Today when we use our phone, we can authenticate using our thumbprint or face. During the upcoming year, we anticipate the move to newer authentication methods for both consumer and enterprise applications to significantly increase as passwords are simply too easy to hack. Password replacement options, ex. biometric authentication, exist today that are easy to use and can greatly reduce risks. Windows Hello, Microsoft Authenticator, and other methods provide a simple, secure sign-on experience
3. Keep devices up to date
   • One of the best, and also easiest, ways to protect an organisation is to ensure they are running the most current software to safe from breaches.
   • For example, Windows automatically download and install security updates to make sure users’ devices are up to date with the latest security improvements.
4. Stay on top of data
   • Seven billion records  were exposed in the first three quarters of 2017 alone. As seen in the annual Microsoft Global Security Report and the Verizon Data Breach Investigations Report, every organisation is a target and threats are increasing.
   • To protect what you own, it is vital to classify each piece of data automatically according to its impact on the organisation. With Microsoft Information Protection, organisations can discover, classify, and protect all their data, no matter where it’s stored or who it’s shared with.
5. Leverage AI and adopt end-to-end security
   • The industry is still facing shortage on industry-wide skill and limited resources, the decision-making process for detecting, investigating and responding to the right threat vectors is not always straightforward. Organisations can leverage Artificial Intelligence (AI), machine learning and integrated end-to-end security tools to holistically protect their IT environment. With cyber security talent in short supply, AI and machine learning can analyse data at scale, augmenting human investigators in detecting, investigating and responding to threats over a wider risk area.

###

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

Image 1: Microsoft Hong Kong and the Hong Kong Computer Emergency Response Team Coordination Centre of the Hong Kong Productivity Council today jointly launched the city’s first Healthcare Cyber Security Watch Programme.

Image 2: Winnie Yeung, Chief Legal Director of Microsoft Hong Kong shared five tips to help healthcare organizations elevate their cyber security protection, including taking an “Assume Breach” approach”, going password-less, keeping devices up to date, staying on top of data and leveraging AI and adopting end-to-end security.

Image 3: Edmond Lai, Chief Digital Officer of Hong Kong Productivity Council explained that through the IP address matching service of the Programme, medical institutions in Hong Kong will be able to identify compromised computers and devices quickly and implement security measures to stop spread of attacks, ridding themselves of the unwanted tag of ‘cyber attack accomplices’.

Image 4: Alan Young, C.I.O. of Canossa Hospital and Precious Blood Hospital, Caritas Hong Kong (left), shared the strategy and experiences of medical institutions in Hong Kong in enhancing cybersecurity throughout the digital transformation journey.