Guest post by Joseph Schorr, director of advanced security solutions, Bomgar.
Moving into 2016, healthcare organizations will continue to be one of the most attractive targets for hackers. Last year, attacks against healthcare organizations were up 125 percent from 2010 and cost the industry $6 billion, according to the Ponemon Institute.
As illustrated in the Anthem and Excellus Blue Cross Blue Shield data breaches, hackers are moving beyond phishing attacks and random malware drops, and adopting methods that are more sophisticated. By leveraging third-party access and privileged account credentials (such as those held by IT security professionals, IT managers and database administrators) to exploit IT systems, hackers can gain an unrestricted and unmonitored attack foothold on the network. Once they have this foothold, they remain inside the victim’s environment for an incredible span of time – on average more than 200 days.
With this trend continuing, healthcare organizations can expect to see an uptick in these types of attacks within the industry. To combat this rise, healthcare organizations will need to focus on shoring up IT security around vendors and other third parties in the year ahead. The following are areas where they can concentrate attention to aid in this effort:
Reevaluate the legacy
Third parties such as vendors are particularly juicy targets because they often use VPN and other legacy access methods to access systems. Examining and implementing more secure, sophisticated remote access and privileged access solutions is a good place to start strengthening IT security for the new year.
It’s a common misconception that VPN is a secure way to provide third-party vendors with network access. The problem is that an organization cannot ensure that third-party vendors’ security policies and practices are as strict as its own internal practices. If a criminal compromises a valid VPN connection, they have an open tunnel to an organization’s network and the sensitive data within.
Be in control
For too many healthcare organizations, vendors have more access than they need, or their access can’t be monitored or restricted. It’s a scary question: Does your IT department know who its privileged users are and what level of IT permissions they have? If not, taking stock of those users, the systems to which they need access, and when they must access them is a critical undertaking for 2016. Following that, the organization can set access parameters that allow those privileged users to be productive and gain access to the tools, data and systems they need to do their jobs, while limiting risk. Proactively controlling and monitoring access to critical systems can help tighten IT security within healthcare organizations.
Health IT pain points seem to be lingering despite the never-ending promises and eternal hope that new technology innovation seems to offer. Every sector has its prickles, no doubt, and much is left to overcome in healthcare, but given the complexity and the copious amount of change and development here, it’s of little surprise that pain is being felt.
What may be surprising, though, is that like patient engagement, there seems to be a different type of pain, and severity of pain, depending on who you ask.
With that, for greater clarity, I decided to ask some health IT industry insiders what their pain points were and why. Their responses follow:
Dr. Trishan Panch, chief medical officer, Wellframe
One of the biggest pain points for hospitals that we’ve come across is a health system’s inability to scale care management resources. They are effective in improving outcomes when patients are engaged, but because of limitations around existing models (i.e., human interaction via phone or in-person) only a small proportion of the patient population can be engaged. That’s why organizations are turning to technology solutions to scale care management resources to reach more people.
One of the biggest pain points for physicians today is the lack of interconnectivity between different IT systems. Participation in the meaningful use program has helped create some common standards for communication but, for a variety of reasons, these have not yet led to widespread, effective clinical data sharing. Few physicians can operate in the ecosystem of a single electronic medical record, since they often work in systems that are different, from practice, various hospitals and other places of care.
Interoperability is a pain point in healthcare IT, particularly when it comes to transitions in senior care. Connecting the care delivery ecosystem to provide safer transitions of care is critical to long-term care. While some individuals may require short-term rehabilitative care, others may need home-based care, assisted living or long-term and hospice care. As seniors move through these different stages or between acute care and post-acute care, these transitions pose challenges for healthcare providers. Ideally, all the information that clinicians need to treat the individual will be available when he arrives at his new destination. However, this is not always the case. Healthcare providers, both long-term and acute, must invest in an infrastructure that supports seamless transitions of care; interoperability plays a vital role. Connecting healthcare providers across the care continuum will allow for better health outcomes, help reduce unnecessary hospital re-admissions, as well as keep healthcare costs down.
There are various statistics about the negative impact paperwork has upon providing healthcare. The AHA has estimated it adds at least 30 minutes to every hour of patient care provided. A main pain point continues to be the ability for IT to implement efficient EHR systems. At the core of any EHR system are its image capture capabilities. It must be simple to use throughout the workflow process. This includes image capture, editing, saving and sharing. The capture, or scanning, must be speedy. Editing features must be clear in how to use. This minimizes learning curves at the start. It also optimizes the speed of processing documents during the life of its use. Easy saving to local or network locations should also enable simple and secure sharing too. When one, some or all of these areas stall, it can cripple the realization of benefits from digital document management.