Cybersecurity in Healthcare: More than Protecting Patient Data

National Cyber Security Awareness Month (NCSAM) is coming to a close next week. While NCSAM is a only a one-month promotional campaign, cybersecurity awareness should be practiced year-round and in every industry.

Healthcare is currently undergoing a digital transformation in the United States and constantly growing in size and complexity across all the sub-verticals: provider, payor, pharmaceutical, medical device and diagnostics, genomics, and services. Everything is affected by the digital revolution and the impact of new technology on improving our health and well-being.

Clearly, the advantages of digital technology on healthcare are numerous. Not only does it empower the patient, it leads to faster diagnosis and more effective treatment, improved delivery infrastructure, and can help reduce the costs of medicine. However, some of the same drivers that are disrupting and innovating the industry are the same set of characteristics that make it ideal for all kinds of cyberattacks.  

Integrated healthcare ecosystems with shared information across medical devices and an interoperable electronic health record (EHR) system allow for continuous care and remote management. However, interoperability introduces significant data privacy and security concerns for all healthcare providers, such as keeping your patient data safe, securing patient data sent from other providers, and ensuring HIPAA privacy and security compliance by cloud EHR providers. Safeguarding patient data has been the focus of much of the regulation that defines the existing standards. However, the new reality must also include ensuring the ability of a healthcare institution to function.

Ransomware, phishing, and data breaches all compromise core healthcare systems, which immediately undermines the ability of the healthcare organization to deliver standard and emergency care to patients. Preventing access to IT systems immediately triggers life-and-death consequences to patients under care. Imagine the scenario where doctors can’t access a patient’s healthcare record, a hospital has to divert patients onboard an ambulance, nurses can’t get timely alerts for new prescriptions, and medical devices are locked and inoperable. These are all life-critical situations, and patients, their families, and regulators should expect near-perfect uptime and availability.

Despite all of the regulatory requirements around data privacy, security, and preventing data breaches of personally identifiable health information, strong cybersecurity practices are essential at this juncture in the healthcare industry.

What should an organization do to strengthen cyber security defenses?

Strategies, policies, training, and preparedness are essential aspects of building cybersecurity defenses, but these human structures rely on having the right cybersecurity technologies in place. It is important to do internal research to identify the specific threats faced at an organization, including an audit of current security tools, training programs, and security practices.

With new threats constantly being released to market, use threat intelligence to highlight unexpected application, data and user behaviors, and move rapidly to isolate and contain questionable activities before it’s too late. It could be a matter of life-and-death.

Interested in hearing more from healthcare organizations on security challenges posed by a changing threat landscape? Join me in Boston on November 14 for Splunk Healthcare Forum.

Shirley Golen

Posted by