By Mark Gross, senior principal product manager, Kofax
When it comes to data security, healthcare organizations are stuck between a rock and a hard place. To provide proper patient care, their staff needs access to the right information, and quickly. At the same time, the law requires them to protect the sensitive data included in electronic medical records (EMR).
A wide array of devices are used to collect and transmit patient data – including computers, mobile devices, IV pumps and X-ray machines. Today, all of these are connected to the internet, the hospital network and other medical technologies, even though many of them have few, or no, security protocols in place.
The situation’s made even more complex by the public nature of hospital environments. Many connected devices containing sensitive data are left unattended, leaving the entire network exposed. The result’s an increase in cyber and data security threats.
Right now, nearly all healthcare organizations are facing an added challenge brought on by the COVID-19 global pandemic. Many healthcare workers aren’t working in their normal environments, they’re helping in other departments, hospitals and even pop-up field hospitals. With all the displaced healthcare workers, their normal print and capture workflows are left behind with their devices—and the security of the patient data contained in documents printed or scanned elsewhere may be at risk.
Healthcare organizations need a comprehensive security strategy to protect against a breach. The best of these is a systematic approach that tests all connected devices for vulnerabilities. Once identified, security threats should be prioritized so the most severe can be addressed quickly. Regular software updates and patches are just as important, as is replacing outdated equipment with new devices that have security built in.
Because they don’t stand out as threats, multifunction devices, printers and imaging devices are often overlooked during security reviews. In reality, however, both of these handle a lot more data than people realize.
Gloomy facts about healthcare costs in the US became even scarier for the US residents when the pandemic knocked on their doors. It’s almost unbelievable to think that $2.16 billion was spent on hospital care and medical professionals.
If we take into consideration that the money doesn’t come from the rising demand for healthcare services and larger employability, but derives from high costs of services, it’s no wonder that the coronavirus brought America’s healthcare to its knees.
Furthermore, heart disease and diabetes are the most common diseases in the States. These two diseases account for 85% of all costs in American healthcare as they are time-consuming, difficult, and expensive to treat on a day to day basis.
Only a few industries require resilient cybersecurity measures like healthcare. Yet, healthcare has a colossal cybersecurity problem. Data breaches continue to plague patients’ private medical records, in spite of their life-threatening conditions, spending large amounts of money, and entrusting financial information.
Healthcare remains a big target for cybercriminals, sitting firmly in their cross-hairs. Just for 2015, IBM reported more than 100 million breaches of medical records. Some organizations commit to privacy no matter what, but healthcare organizations are not keeping pace in adopting and promoting cybersecurity. But why do most healthcare organizations not have the latest cybersecurity tooling? Some of these reasons, we review in this article.
Why Hospitals and Care Facilities Lack of Robust Cybersecurity
The key reason why cybersecurity is not a conspicuous feature in may healthcare set-ups include:
#1 Limited cybersecurity awareness
Most hospitals concentrate on upgrading their medical technology and employing the best medical personnel and peripheral staff. They ensure they save lives more quickly and offer better overall care. While this is a reasonable practice, they soon relegate cybersecurity to the back-burner. The truth is, cybersecurity is a vital complement to these core values and priorities. Most of the time, hospitals can justify their need for an entire IT team, or at worst, a cybersecurity lead. However, directors may not have the necessary information to decide so.
#2 Lucrative healthcare targets
Hospitals are not always to blame, though. There’s an avalanche of attacks on hospitals. It is worth all of an attacker’s time to target a healthcare organization. As highly lucrative targets, these organizations can reveal data on a cast number of people at once. That is why standards are high to keep these organizations from the reach of attackers. But, what do you do when the attacker never quits chasing?
#3 Size of the specific organization
Many healthcare organizations are massive operations. It makes them increasingly vulnerable. Because more people are involved in the system, there are inevitable, more possible points an attacker can exploit. Imagine just one healthcare staff among several thousand falling for a phishing scam. It can compromise the whole system.
#4 Inconsistency with process
It often appears almost impossible to create and enforce consistent security standards and procedures. The reason is that the size of health organizations and hospitals means they may need to operate out of several buildings. Employees may then adhere to varying best practices, and in some cases, use different systems. Thus, it is hard to have a decent cybersecurity posture.
#5 Shared networks in healthcare organizations
Infosec revealed that one primary reason hospitals continue to appeal to cybercriminals is that most hospitals depend on shared wireless networks. Multiple devices on one network mean that one single point of vulnerability is all a hacker needs to access the whole system. It is a ticking time bomb.
Possible Solutions to Healthcare’s Cybersecurity Issues
What then can healthcare institutions and hospitals do to be on par with the latest cybersecurity practices? It turns out there’s so much they have control over:
Most hospitals can begin by adopting more advanced current technologies to protect patient information and keep their systems secure. Advanced software, monitoring systems, and futuristic tech such as biometrics are examples.
A cybersecurity budget is small fry for most healthcare organizations. It is merely a question of how much premium is on it like the infographic at the end shows across several industries. Prioritizing technological security features will add a decent layer of security around hospital operations. While hospitals may commit their entire budgets to cybersecurity, a hire, who knows their onions can promote substantial improvement.
Impossible projects, crazy deadlines and short staffing present a bigger challenge than their own resolution: They draw focus away from important revenue cycle functions that maintain positive margins. Caring for the patient is, of course, the healthcare provider’s core mission. Healthcare’s financial operations help to achieve that mission.
Those involved in the revenue cycle process grasp the value efficiency and agent productivity can bring to an organization.
Reduced cost, greater performance, and the capacity to work through more patient accounts are the direct benefit, and those goals tie directly to financial performance and the core mission of outstanding patient care. Workflow, data analytics, reporting and performance dashboards are just a few of the tools you use to get to that point.
When working with new technology, having a resource to leverage from an outsourcing perspective can be very beneficial. Providers who outsource do so because they know their health system functions more efficiently when they can focus on what they do best.
What are the specific reasons that make outsourcing a particularly attractive investment right now? Three factors contribute:
It’s difficult to stay up-to-date on today’s technology. Whether it’s a smart phone, a smart appliance, or a smart digital assistant like Alexa, new features critical to your process come and go at a rapid pace. Leveraging technology outsourcing resources helps healthcare providers digest this information easier and implement solutions faster.
Siloed information means common, effective practices are shared less freely. Mergers, acquisitions, and other forms of consolidation make it difficult to reconcile the most effective practices that different parts of a health system use. A good managed services team focused on your technology can bring all that information together, which means more harmonious operation not only within your team, but in concert with others.
Increasing productivity is the key to financial success. Fully-leveraging new technology can be the key to managing talent, setting goals, and ultimately improving productivity, while using expert resources in a technology outsourcing capacity can help you bring in new features quicker. Together, these practices lead to faster returns on investment as providers today are faced with reduced reimbursements.
Guest post by Manish Mathuria, CTO and co-founder, Infostretch.
Digital transformation means different things to different industries. On the consumer front, Amazon didn’t even have to transform itself, because it was born in the digital age. On the other hand, for pharmaceutical and medical device manufacturers, much of their innovation is heavily dependent on the move from a physical, analog world to a digital world.
This brave new digital world is fraught with perils, partly because of the necessary regulation, and partly because many digital advances represent new ground, so there may be no precedent for assuring product quality (which in this example translates to patient safety). Indeed, topping the complexities facing many healthcare companies is the fact that they are operating in a regulated environment, both in the U.S. and globally. The U.S. FDA and other regulatory agencies worldwide require them to maintain strict vigilance on the testing of products, while at the same time they want to be doing rapid development.
Take LifeScan, for example, an operation of Johnson and Johnson. With a long history in the medical devices field, its blood glucose monitoring (BGM) line is one of the most-prescribed brands in the industry. LifeScan is taking the conventional BGM device full-bore into the digital era, with a concentration on mobile. As you might expect. their market is growing at a healthy rate (much as diabetes is growing at an “unhealthy rate”), and they face competition both from established companies and innovative newcomers, notes Ed Hein, Manager – Digital Verification and Validation at LifeScan.
LifeScan is enabling patients to track their blood glucose readings on their mobile devices and online; their healthcare providers and health management companies can access their data via API interfaces. This provides faster access to the data and more accurate tracking and trending. Being able to present that data to the patients, their providers and loved ones more accurately lets them live a normal life.
Like other companies in the healthcare field, LifeScan’s competitive advantage and market position was strengthened by its ability to accelerate cycle time to get new software-based capabilities to market faster and more efficiently. This meant changing its software testing approach from traditional –often manual– Quality Assurance (QA) to a more proactive Quality Engineering (QE) process that integrates software testing and development and leverages automation.
This transition has been common in some industries but is rather new in healthcare. The good news is that it is driving innovation and, because of more efficient and effective testing processes, accelerating product approvals (READ: time to market).
By integrating QA more tightly with the development process, LifeScan has also been able to integrate its organizational structure as well. This has provided additional visibility to additional opportunities to accelerate the development lifecycle.
Guest post by Ken Perez, vice president of healthcare policy, Omnicell.
Tracy Morgan, the “30 Rock” and “Saturday Night Live” star, once said, “Bad news travels at the speed of light; good news travels like molasses.” Such is the case with respect to the cost and clinical performance of the U.S. healthcare system.
Steven Brill, founder of Court TV and the American Lawyer, famously pilloried America’s healthcare system in “Bitter Pill: How outrageous pricing and egregious profits are destroying our healthcare,” the cover article in the March 4, 2013 issue of Time and the longest in the history of the magazine. Brill wrote, “In the U.S. people spend almost 20 percent of the gross domestic product on health care, compared with about half that in most developed countries. Yet in every measurable way, the results our health care system produces are no better and often worse than the outcomes in those countries.” In a subsequent article in the Jan. 19, 2015 issue of Time, Brill went on to describe the U.S. as having “a broken-down jalopy of a health care system.”
Brill’s “Bitter Pill” article received generous coverage by CBS, the Commonwealth Club, the Huffington Post, the Los Angeles Times, National Public Radio, the New Yorker, the New York Times, and even Jon Stewart’s “The Daily Show.”
The July 28, 2015 issue of the Journal of the American Medical Association (JAMA) included an article, “Mortality, Hospitalizations, and Expenditures for the Medicare Population Aged 65 Years or Older, 1999-2013,” that shared the findings of a study of over 68 million Medicare fee-for-service and Medicare Advantage beneficiaries by H.M. Krumholz, et al.
This lengthy, detailed, heavily footnoted, and carefully written study reported the following encouraging findings:
From her hospital bed, the little old woman gathered herself beneath her tissue-paper thick blankets and wondered about many of the things she’d face in her future. Though the room wasn’t cold, wringing her hands through the folds of the cheap cloth were all she could do to keep herself calm.
The television blared above her prone body; it made the only noise except for the rasp of her short breath. Occasionally, an orderly passed by but made no effort to breach the curtain door, and made her way down the hall.
A newspaper lay unopened at her side, not a word of it read, mostly because of the glaucoma in her right eye. Thus, the television called out, it being the only thing to steer her thoughts back from the darkness and confusion that seemed to take hold.
A relatively healthy 95-year-old women prior to the automobile accident (that consequently was not her fault), she seemed to suffer the unimaginable at her age and come out alive. Though doctors wouldn’t guarantee her recovery during the first few days, they were more optimistic now that her broken leg, broken arm, fractured wrist, broken shoulder and cracked ribs had not killed her.
She’d made it this far, they reasoned; and if the whole experience didn’t kill her then certainly it would make her stronger.
So alone she sat, except for when the occasional visitor stopped by, much of the time scared and most of it confused.
In came the food, out went the plates. In came a doctor, what was left were his orders. The occasional nurse checked her machines and gave her a pill; conversation was limited to, “How are you feeling today?” or “Are you in pain?”
There’s no surprise she feels out of place. Clearly, thoughts of giving up come to mind and she wonders if she’ll be able to survive the three or four months of required physical therapy for her to recover.
Even worse off, without any real family to guide her through, she sat quietly trapped in her own thoughts.
Finally, at one point, randomly looking at the computers in the room, she said softly, “Everything is mechanical now.” It was a statement, like something said in fear and loathing. She wrung her hands some more and closed here eyes.
When the nurse came in, the old lady requested a pain pill and the nurse left to retrieve it. Upon her return, the nurse handed over the small white pill and a shot of water and said she’d stay until she was sure it had been swallowed.
Thirty seconds later she was gone, again. Alone, the old woman tried to remember her home and its warmth and did her best to recall a lifetime – nearly a full century – in which she’d been engaged lovingly by family and friend.
It’s all mechanical, now, she said again, wondering in silence as her companion, the television, blared on.