Guest post by Donald Voltz,MD, Aultman Hospital, Department of Anesthesiology, Medical Director of the Main Operating Room, Assistant Professor of Anesthesiology, Case Western Reserve University and Northeast Ohio Medical University.
As Halloween approaches, the usual spate of horror movies will intrigue audiences across the US, replete with slashers named Jason or Freddie running amuck in the corridors of all too easily accessible hospitals. They grab a hospital gown and the zombies fit right in. While this is just a movie you can turn off, the real horror of patient data theft can follow you.
(I know how terrible this type of crime can be. I myself have been the victim of a data theft by hackers who stole my deceased father’s medical files, running up more than $300,000 in false charges. I am still disputing on-going bills that have been accruing for the last 15 years).
Unfortunately, this horror movie scenario is similar to how data thefts often occur at medical facilities. In 2015, the healthcare industry was one of the top three hardest hit industries with serious data breaches and major attacks, along with government and manufacturers. Packed with a wealth of exploitable information such as credit card data, email addresses, Social Security numbers, employment information and medical history records, much of which will remain valid for years, if not decades and fetch a high price on the black market.
Who Are The Hackers?
It is commonly believed attacks are from outside intruders looking to steal valuable patient data and 45 percent of the hacks are external. However, “phantom” hackers are also often your colleagues, employees and business associates who are unwittingly careless in the use of passwords or lured by phishing schemes that open the door for data thieves. Not only is data stolen, but privacy violations are insidious.
The problem is not only high-tech, but also low-tech, requiring that providers across the continuum simply become smarter about data protection and privacy issues. Medical facilities are finding they must teach doctors and nurses not to click on suspicious links.
To thwart accidental and purposeful hackers, organizations should implement physical security procedures to secure network hardware and storage media through measures like maintaining a visitor log and installing security cameras. Also limiting physical access to server rooms and restricting the ability to remove devices from secure areas. Yes, humans are the weakest link.
Medical data theft is a growing national nightmare. IDC’s Health Insights group predicts that one in three healthcare recipients will be the victim of a medical data breach in 2016. Other surveys found that in the last two years, 89 percent of healthcare organizations reported at least one data breach, with 79 percent reporting two or more breaches. The most commonly compromised data are medical records, followed by billing and insurance records. The average cost of a healthcare data breach is about $2.2 million.
At health insurer Anthem, Inc., foreign hackers stole up to 80 million records using social engineering to dig their way into the company’s network using the credentials of five tech workers. The hackers stole names, Social Security numbers and other sensitive information, but were thwarted when an Anthem computer system administrator discovered outsiders were using his own security credentials to log into the company system and to hack databases.
Investigators believe the hackers somehow compromised the tech worker’s security through a phishing scheme that tricked the employee into unknowingly revealing a password or downloading malicious software. Using this login information, they were able to access the company’s database and steal files.
Healthcare Hacks Spread Hospital Mayhem in Diabolical Ways
Not only is current patient data security an issue, but thieves can also drain the electronic economic blood from hospitals’ jugular vein—its IT systems. Hospitals increasingly rely on cloud delivery of big enterprise data from start-ups like iCare that can predict epidemics, cure disease, and avoid preventable deaths. They also add Personal Health Record apps to the system from fitness apps like FitBit and Jawbone.
Banner Health, operating 29 hospitals in Arizona, had to notify millions of individuals that their data was exposed. The breach began when hackers gained access to payment card processing systems at some of its food and beverage outlets. That apparently also opened the door to the attackers accessing a variety of healthcare-related information.
Because Banner Health says its breach began with an attack on payment systems, it differentiates from other recent hacker breaches. While payment system attacks have plagued the retail sector, they are almost unheard of by healthcare entities.
Guest post by Santosh Varughese, president, Cognetyx.
The U.S. healthcare industry is under siege from cyber criminals who are determined to access patient and employee data. Information security think tank Ponemon Institute’s most recent report on healthcare cyber security, published in May 2016, revealed some sobering statistics:
In the past two years, 89 percent of healthcare organizations – and 60 percent of their business associates (or BAs) – experienced at least one data breach, with 79 percent experiencing two or more breaches. The most commonly compromised data are medical records, followed by billing and insurance records. These breaches have not declined since Ponemon began tracking them in 2010.
The average cost of a healthcare data breach is about $2.2 million.
Criminal attacks, from outside the organization or from malicious insiders, account for half of all healthcare data breaches, the other half being due to mistakes by employees or BAs.
The majority of respondents (69 percent of healthcare organizations and 63 percent of BAs) feel that the healthcare industry is at greater risk of breaches than other industries. Despite these concerns, the majority of respondents reported that their organizations had either decreased their cyber security budgets or kept them the same.
Another study conducted in April by IBM, found similar problems, as well as insufficient employee training on cybersecurity best practices and a lack of commitment to information security from executive management.
With only about 10 percent of healthcare organizations not having experienced a data breach, hackers are clearly winning the healthcare data security war. However, there are proactive steps that the healthcare industry can take to turn the tide in its favor.
Data Security Starts with a Culture of Security Awareness
Both the IBM and Ponemon studies highlight an issue that experts have been talking about for some time: despite increasing dangers to information security, many healthcare organizations simply do not take cybersecurity seriously. Digital technologies are relatively new to the healthcare industry, which was very slow to adopt electronic records and when it finally did so, it implemented them rapidly without providing employees adequate training on information security procedures.
Unfortunately many front-line employees feel their only job is to treat patients and that information security is “the IT department’s problem.” These employees fail to grasp the importance of data security, and are not educated on the dangers of patient data breaches, reflected in Ponemon’s findings that employee mistakes account for half of all healthcare data breaches.
The healthcare industry needs to adjust this attitude toward cybersecurity and implement a comprehensive and ongoing information security training program, and cultivate a culture of security awareness. Information security should be included in every organization’s core values, right beside patient care. Employees should be taught that data security is part of everyone’s job, and all supervisors – from the C-suite down to the front line – should model data security best practices.
Additionally, organizations should implement physical security procedures to secure network hardware and storage media (such as flash drives and portable hard drives) through measures like maintaining a visitor log and installing security cameras, limiting physical access to server rooms, and restricting the ability to remove devices from secure area. Continue Reading
Since 2011, more than $870 million have been invested in more than 65 healthcare artificial intelligence (AI) startups. These startups concentrate on various areas, from nursing to drug discoveries, where AI’s potential can be put to best use. This is where the world’s heading towards and the future of healthcare lies.
The roots of AI may have been from some science fiction storytellers, but now, the reality is that AI plays a major role in our everyday life. Beginning with the IBM Watson supercomputer defeating the longtime Jeopardy champion, Ken Jennings, the world started taking notice about what artificial intelligence can do.
With Google and IBM making tremendous progress with their AI initiatives and the other tech giants (Like Apple, Dell, Facebook) trying to catch up, it makes us wonder what will happen when one day we have robots running around doing our everyday chores.
But, the main question should be what will happen when AI does fully breach our day to day lives: Will we embrace this reality and let robots take us over? And do we really need or is it desirable to have self-driving cars and artificial intelligence? Should computers acquire enough data and knowledge to replace our existing doctors?
Maybe we do or maybe we don’t, but let’s stop before we get ahead of ourselves.
AI should not be perceived as “artificial intelligence” but rather as “augmented intelligence.” It has the potential to process data and make cognitive decisions, which an average human can take many months to process. AI has truly opened numerous opportunities in the field of healthcare, which was humanly impossible just a few years ago.
Getting into the facts, the main advantage AI has over a normal human being is the ability to process a gazillion data points within seconds.
So let’s imagine a patient walks in with a flu – even to diagnose and treat this common illness with the right medication can take a while. There are some cases where the patients don’t even react to the medication. These are common scenarios, as each body reacts differently to different medicines leading to an increased treatment time. Whereas, if the diagnosis is powered with an AI backed system to help, doctor’s will be armed with all the right data and can diagnose and prescribe the right medication within minutes.
How’s that for a game changer?
Yes, AI is the perfect medical assistant to healthcare professionals.Through an iPad based electronic medical record, even the patient genome studies could be integrated into their electronic medical reports. Armed with this data, AI has enough information to make a better analysis and provide accurate treatment plans based on the patient’s medical history, genetic conditions and other medications they are taking for other illnesses.
It isn’t that doctors aren’t skilled, intelligent or capable enough—it is that the demands being placed on them are too great.
Time and documentation demands mean that something has to give. As many physicians have pointed out over the years of the HITECH Act’s implementation, the thing that normally “gives” is facetime with patients: actual, hands-on delivery of care and attention. Instead, they are driven to input data for documentation, follow prompts on EHR interfaces, ensure their record-keeping practices will facilitate correct coding for billing, as well as tip-toeing around HIPAA and the explosion of security and privacy vulnerabilities opened up by the shift to digital.
The reality of modern medicine—and especially the rate at which it evolves, grows, and becomes outdated—means that doctors need what most every other industry has already integrated: more brains. Not simply in the form of EHRs for record-sharing, or voice-to-text applications as a substitute for transcriptionists, but as memory-supplements, or second brains.
As a species, humans are also evolving away from memory as a critical element of intelligence, because we now have devices—“smart” devices—always on, always on us, and always connected to the ultimate resources of facts and data.
Our smart devices—phones, tablets, etc.—are gateways to the whole of human knowledge: indexes of information, directories of images, libraries question and answer exchanges. In effect, we are increasingly able and willing to offload “thinking” onto these devices.
Supplement or Supplant?
Depending on the context and application, this trend is both helpful and potentially harmful. For those prone to critical thinking and equipped with analytical skills, offloading some elements of memory to these devices is a question of efficiency. Even better, the more they practice using it, the more effective they become at integrating devices into their cognitive tasks. In others (those less prone to think critically), it is a shortcut that reduces cognitive function altogether: rather than a cognitive extension, the devices act as substitutes for thinking. Similarly, increasing over-reliance on the internet and search engines further diminishes already deficient analytical skills.
The standard roadmap for a medical education entails a lot of memorization—of anatomy, of diseases, of incredible volumes of data to facilitate better clinical performance. It isn’t memorization simply for the sake of recitation, though; it is the foundation for critical thinking in a clinical context. As such, medical professionals ought to be leading candidates for integrating smart devices not as crutches, but as amplifiers of cognition.
So far, that has been far from the dominant trend.
Enter the Machine
Integrating computers as tools is one thing, and even that has proven an uphill battle for physicians: the time and learning curve involved in integrating EHRs alone has proven to be a recurring complaint across the stages of Meaningful Use and implementation.
Patient engagement—another of the myriad buzzwords proliferating the healthcare industry lately—is another challenge. Some patients are bigger critics of the new, digitally-driven workflows than the most Luddite physicians. On the other hand, some patients are at the bleeding edge of digital integration, and find both care providers and the technology itself moving too slowly.