Electronic patient records, new healthcare applications, connected medical devices and regulatory/compliance changes, such as the HITECH Act, MACRA, and the 21st Century Cures Act, are making it easier for doctors to share patient records, affect patient outcomes and increase the quality of care, but are also contributing to an explosion in healthcare data. Top federal health IT areas of focus include data standardization, data integrity, information exchange, interoperability, analytics, storage, infrastructure modernization, legacy system modernization, cloud adoption, telehealth and mobile applications.
This rapid growth is enabling innovation and changing patient expectations, but it also makes it significantly harder for IT to meet demand. As government agencies like the VA and DoD move to modernize and digitalize systems, the growth of big data and information sharing is heightening risk.
Healthcare agencies need to not only deliver improved care and patient experience but also ensure that patient data and privacy are protected.
Healthcare IT Threat Landscape
According to the Ponemon Institute, the top cyber threats for healthcare organizations in 2016 were ransomware, malware, and denial of service (DDoS). Many cybersecurity experts consider ransomware the fastest-growing threat across all industries, but healthcare organizations are especially vulnerable due to their need for uptime and willingness to pay.
Other threats include:
- Medjacking: The Hospira insulin pump and St. Jude cardiac devices are examples of how hackers could take advantage of medical devices with security vulnerabilities.
- The Internet of Medical Things: From wearable patient devices to remote monitoring apps, more endpoints are connecting to healthcare networks. Each represents a new potential entry point for hackers.
- Insiders: The majority of data breaches are caused by compromised accounts, and IT professionals need to pay attention not only to malicious insiders but also to risks resulting from human error.
Combating Healthcare Threats
Healthcare IT must design a plan that takes a holistic approach to data security and combines technology, people and processes.
- Follow Industry Standards: The NIST Cybersecurity Framework, a set of standards, guidelines, and best practices created through a collaboration between industry and government to promote the protection of critical infrastructure, is a good starting point for government health IT.
- Institute Workforce Training: There also needs to be more emphasis on workforce training. Training on current threats, including how to spot malicious links and detect phishing attempts, has been proven to significantly reduce this common threat.
- Update Legacy Technology: Legacy technology is among the biggest challenges for government healthcare IT. Organizations need to find and patch all vulnerabilities resulting from applications and systems that are no longer supported and make a plan to update and modernize technology where feasible.
- Employ Encryption: All data should be encrypted, whether at rest or in motion. The case of Denton Heart Group is a case in point: an unencrypted hard drive that contained seven years of backup electronic health record data was stolen, exposing over 200,000 patient records.
Creating an IT Healthcare Plan
Today's healthcare CIOs must balance stringent security and privacy regulations with a need to meet consumer demands and provide an excellent patient experience. As healthcare IT leaders depend on technology investments to modernize the healthcare experience and differentiate their organization, they must not lose sight of security concerns.
OneNeck IT Solutions is committed to helping our customers support best practices, mitigate costs, improve service levels and meet industry compliance regulations. Our experts have a broad degree of experience working with healthcare organizations to improve efficiency and agility while providing the highest level of protection for healthcare data.