Cybersecurity Concerns In the Age of Digital Health

Guest post by Eduard Goodman, chief privacy officer, IDT911.

Eduard Goodman
Eduard Goodman

Earlier this year, Centene Corporation lost six hard drives containing personal and health information of almost one million of its clients, including names, addresses, dates of birth, Social Security numbers, member identification numbers and health information. Unfortunately, Centene is only one of many healthcare organizations that recently had their sensitive patient information exposed. More than 113 million health records were breached in 2015 – which translates to one out of every three Americans being affected by a healthcare record breach last year. Medical identity theft is a disastrous trend that needs to be addressed. The good news is there are many steps healthcare organizations can take to reduce the risk of data breaches.

Electronic Health Records

As more and more healthcare organizations transition away from paper medical records and move to electronic health records, it is critical that security features are put in place to protect the vast amount of data being collected. Just as the digitally stored health information is more easily accessible for employees, it is also easier for cyber criminals to access.  According to the Ponemon Institute’s The State of Cybersecurity in Healthcare Organizations in 2016 report, nearly half of those surveyed said their organizations have experienced an incident involving the loss or exposure of patient information during the last year. Strong encryption, routine vulnerability patches and multi-factor authentication are key to protect health data.

Mobile and BYOD

Greater connectivity means more convenience, but this also opens more doors for hackers to access healthcare networks. Healthcare organizations should set clear BYOD policies so employees understand what can and cannot be accessed from mobile devices, what operating systems are approved for use on the network, what security features and settings are required and what type of data can be stored on devices. While using mobile devices can significantly improve productivity, it is important to minimize security risks in order to protect sensitive data.

Internet of Things

The Internet of Things is a growing trend in the tech world that has also become popular in the healthcare industry. Now, medical devices can collect, track and share enormous amounts of data instantly through internet connectivity. As these medical devices were most likely added to pre-existing networks, they may not have the necessary security protections. Security vulnerabilities are not just limited to EHR and health networks anymore – medical devices must be thoroughly inspected as well. Just as computers and servers are patched for vulnerabilities, medical devices that connect to healthcare networks must also be regularly patched. If these IoT enabled devices do not have the necessary layers of security, they will become an easy target for hackers to access the healthcare network.

Serious Consequences

The need for strong cybersecurity in healthcare organizations comes from the fact that health data is so valuable. Medical data sells for as much as 10 times what financial data fetches on the black market, so it is no wonder hackers are targeting healthcare organizations now more than ever. Criminal attacks in healthcare increased 125 percent over the last five years and are now the leading cause of data breaches. Medical identity theft is incredibly dangerous because beyond financial risks, victims’ wellbeing could be in jeopardy. With a stolen medical identity, cyber criminals are able to exploit drug prescriptions, obtain medical treatment and procedures that can drain insurance coverage and contaminate health records.

To reduce the chances of hackers gaining access to this valuable data, healthcare organizations must have the proper security measures in place. Technological advances can lead to more efficiency, productivity and convenience in the healthcare workplace, but it is extremely important that privacy and security are an even higher priority.

4 comments on “Cybersecurity Concerns In the Age of Digital Health”

Multifactor authentication is an absolute must nowadays… and not even just for health care data but for anything you really don’t want someone to gain access to. Hackers continue to get smarter and develop new methods for accessing private information every day, but 2FA is one of the few things they aren’t able to easily circumvent… yet.

Nowa days, there are Finger print recognition authentication and OTP are the additional advanced features.

Healthcare sites should minimize the push notifications with sensitive information. Health care platforms has to be very particular about sending customized interest based marketing emails. This is also a measure one should takes care.

3 key take-aways on the digital health security opportunity:

1. Healthcare companies will start to look at new security innovations that can prevent security threats, instead of just recognizing ruptures after they have already occurred, and this will significantly improve the level of protection provided and reduce operational costs.

2. New security technology will enable the cloaking of networks, allowing only authorized users to even see a system or device. .

3. Each professional across the digital health eco-system should be responsible for cybersecurity and addressing patient safety risks. Preventive models and cloaking technologies can be applied “pre-market” to protect against unauthorized access by non-malicious insiders, where vulnerabilities can be introduced.

Write a Comment

Your email address will not be published. Required fields are marked *