Privacy & Security

Four considerations in weathering the healthcare security storm

Organizations need to prioritize resources to better understand their risk
By Karin Ratchinsky
February 17, 2015
11:04 AM

“Credit monitoring for a breach of your identity data, medical or not, is like handing out umbrellas in a tornado.” This is a fitting analogy, as healthcare is amidst a converging storm of cyber security; four forces fairly unique to other industries seem to plague the healthcare ecosystem at a confluence. Experts predict that by 2015 half of all healthcare organizations will have experienced between one and five cyber-attacks in the previous 12 months – with a third of those attacks successful. Torrential change coupled with lucrative, newly digitized information combine to make healthcare organizations a key target for cyber-attacks, the recent Anthem hack is just one of many recent examples. Organizations need to prioritize resources to better understand their risk landscape and adopt comprehensive solutions – or risk being another headline.

1. Personal health data is lucrative, worth –up to 50x other data on the black market

In 2014, healthcare accounted for 42% of all serious data breaches, and the FBI warns that with the EHR adoption deadline closing, “the industry is not technically prepared to combat against cyber criminals.” Once criminals gain access to this health data, they have increased ability to obtain prescriptions and receive medical care that could truly jeopardize your financial and medical health in the future. Data breaches damage organizations from a financial, compliance and reputation standpoint. It is critical that the right attention and investment is funneled toward thwarting data breaches to both negate and detect them early on.

2. Threats can jeopardize lives (and livelihoods)

DDoS attacks and network intrusions can wreak havoc on productivity and the bottom line – and this is true in healthcare. A recent Ponemon study concluded individuals who had their medical information stolen averaged $18,660 in out-of-pocket expenses. What is unique to healthcare, however, is that such impacts can literally jeopardize patient lives at the point of care. If a cyber-attack limits a physician’s ability to access information about allergies or previous conditions, or if they take down digital monitoring systems in the NICU, lives can truly be impacted and those implications are immeasurable. Organizations need to have the right systems in place to mitigate DDoS and network intrusion threats to ensure care critical applications have consistent availability and to protect patient’s livelihoods.

3. Highly complex access, operating and staffing environment

Healthcare providers have a labor-intensive industry, which is staffed 24/7/365 with many highly skilled players expecting instant access to confidential data. What’s more, physicians want access to this data on their tablet at the hospital and their smart phone on the golf course. Ensuring you have the right balance of secure access and ease of use for your staff is critical, and there are many user-friendly, sophisticated multi-factor authentication tools to leverage.

4. Adoption of connected devices

Healthcare players need to consider boosting security investments to prepare for the rampant adoption of connected health monitoring devices and the explosion of data that the Internet of Things will bring. Data from consumers’ health records to tracking steps, running, blood pressure and more, the Internet of Things will bring new data and it is not futuristic, nor are the risks theoretical. Consider that per the PWC 2014 report almost half of healthcare providers say they have integrated or are considering integrating consumer technologies like wearable health-monitoring devices such as FitBITs, TruFIT, Nike, etc. as part of the their daily medical practices.

Given these four considerations, IT departments must adopt new methods to respond to growing changes in cyber security. With more personalized services from urgent cares to pharmacies leveraging the Internet, the move toward patients leveraging personal devices to access healthcare information, online content and the continued digitization of information moving to the Cloud, means the cyber threats will only grow in complexity and frequency.

Organizations need to invest in comprehensive risk assessments, planning and security audits. The right combination of people, intelligence and infrastructure must be combined to effectively charter and succeed. The good news is, there are technologies and partners that can help you weather the storm – start engaging them.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Cybersecurity experts John Riggi and Richard Staynings speak at the HIMSS Healthcare Cybersecurity Forum.
Majority of cyberattacks are through third-party vendors

Most Read

Cracking the code: Deploying an AI-enabled nursing workforce
How AI is transforming cybersecurity, on defense and offense
SDPR landing zone established and more NSW briefs
New format for NZ's healthcare identifier and more briefs
Generative AI is this CISO's 'really eager intern'
HIMSSCast: Toward safer and more secure use of AI

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

More Stories

Doctor looks at a desktop computer screen in a medical office
Vendor AI Roundup: Enhanced EHR offerings designed to give practices a leg up
Dennis Chornenky at UC Davis Health_PART 1_AI in healthcare concept art Photo by Just_Super/E+/Getty Images
UC Davis Health's inaugural AI chief discusses the responsibilities of the role
Greg Garcia of HSCC at the HIMSS Healthcare Cybersecurity Forum
Work like 'a beehive, an ant colony' to protect against cyber intruders
Hands use a Medtronic device on a patient's hand to aid in testing pulse oximetry quality
Medtronic dismissed from pulse oximeter lawsuit, FDA still working on guidance
Elena Branche of Druid AI on AI
Cutting through the AI hype to ensure investments have impacts
Dr. Don Rucker at 1upHealth_Physician at laptop with medical data Photo by Tippapatt/iStock/Getty Images Plus
Looking under the hood of Medicare Advantage star ratings
Clinician reviews medical notes on a tablet
OpenAI's general purpose speech recognition model is flawed, researchers say
Oracle booth at HIMSS
New Oracle EHR promises AI-enabled reinvention