By Navin Balakrishnaraja, practice director for healthcare IT Services, All Covered (IT services division of Konica Minolta).
Technology continues to advance the healthcare industry, providing more precision and improved delivery of care. However, it’s more important and even more challenging than ever for organizations to secure patient information and keep health data safe.
Advancements in cybersecurity measures need to go hand in hand with privacy and still a necessity. The frequency of data breaches in the healthcare industry has been on the rise and healthcare is now the most targeted sector by cybercriminals.
According to the Ponemon Institute, the average cost of a healthcare breach resulted in $7.13 million, a 10% increase from 2019. Healthcare has been a primary target in recent ransomware attacks, as you’ve probably seen the headlines and continue to hear it all over media.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have received “credible information of increased and imminent cybercrime threats” aimed at hospitals and healthcare providers in the United States. They released an advisory of this targeted activity to all healthcare networks and that it appears that targeted attacks are only going to escalate.
Because of the immutable, high-value nature of electronic patient health information (ePHI), health data is a gold mine to cybercriminals. On the dark web, the cost of one record averages around more than $400 per record. A large shift in ransomware deployment operations has taken place. Cybercriminals are like psychologists, staying one step ahead of tools and user sophistication. Many of them depend on malware, but the focus has been on gaining privileged access and exploring target networks to disable security processes.
Loaders start the infection chain by distributing the payload; they deploy and execute the backdoor from the command and control (C2) server and install it on a victim’s machine. This example shows what organizations are running up against, making cyberattacks more intricate in nature.
HIMSS organizers, in preparation of the annual conference and trade show, and as a way to rally attendees around several trending topics for the coming event, are once again asking the healthcare community how it feels about several key issues that are likely to resonate. As is often the case with this ongoing experiment, the folks in my position — those with a venue to voice their opinions who tell the rest of us what they think — pontificate on the potential impact of these trends.
Certainly, some of my fellow journalists are far better qualified than I to answer the questions posed by HIMSS with any level of authority. Therefore, I’ve given my small microphone to readers of this site so they can voice their opinions of the topics that conference goers are likely to hear about dozens of time while in Chicago.
This year HIMSS is asking what we feel will be the future of: the connected healthcare system, big data, security, innovation and patient engagement. Today, here, we focus on the future of the connected healthcare system, and what several insiders believe that future to be.
With that, enjoy and let me know if you agree with the following thoughts. If not, why; what’s missing?
Tom Bizzaro, vice president of health policy, First Databank
We’re hoping that the electronic health records (EHR) interoperability movement follows a trajectory similar to that of e-prescribing. To start, as an industry, we have to universally acknowledge the value of interoperability within healthcare IT systems. Indeed, sharing data across systems can help to improve care quality and efficiency in the country’s health system and lead to success of value-based reimbursement models. However, all players – providers, payers, patients and vendors alike – need to truly embrace the value EHR interoperability, putting it above any proprietary concerns.
Then, we need to get to work. We must continue to develop and implement a wide range of standards and vocabularies. Through these, we will ensure that our data is in synch and that systems will always be speaking the same language. Perhaps most important, we need a National Patient Identifier, which will make it possible to match information to specific patients as they traverse the health system. And, while it might seem like doing all this work will take a long time, if we roll up our sleeves and do what’s required, the EHR interoperability story will be on its way to its own happy ending soon enough.
Jonathan Isaacs, executive vice president and general manager, surgery solutions, SourceMedical
It’s 3:00 a.m. and you wake up with an acute pain in your side that won’t go away — you head to the ER. The CT scan shows nothing — you head to the GI specialist. The doctor says to get an endoscopy — you head to the ASC. The endoscopy says you have a chronic condition that will need to be managed by you, your PCP, and even more specialists. Where does all that data live? Everywhere!
It’s a changing world out there. From cancer centers to freestanding Emergency Departments, healthcare organizations must deliver quality care at lower prices. But information collected at different points can fall through the cracks, putting the patient at risk. That’s why data interoperability is a critical issue.
The solution is not to put every entity in the healthcare value chain on the same closed, monolithic EHR that tries to do everything. We have seen time and again what happens when innovation is stifled and vendors become “too big to fail.” But by embracing connectivity standards, providers and patients alike can leverage best-in-class tools purposely built for specific treatments and outcomes. The easier it is, the higher the likelihood of success. And isn’t that the whole point?