The Healthcare Hub

Healthcare Cybersecurity: Number one priority, preparing for the unknown

Friday, February 1, 2019

Healthcare data breaches reached an all-time high this past July. U.S. Department of Health & Human Services’ Office for Civil Rights records showed that data from 858,411 individuals were put at risk. Unfortunately, this is not necessarily surprising news, but it does serve as a reminder that a single breach can expose thousands of patient records and put individual personal information at risk for fraudulent activity. It also can be a costly event for healthcare providers from a financial and reputational perspective.

In a recent article for HealthData Management, Steve Cochran, chief technology officer for GHX, explained how a security framework using standard, best practices for healthcare providers is imperative for this valuable data. There are a variety of security challenges facing healthcare providers, but typically ransomware attacks are of the greatest concern today. This type of attack doesn’t directly impact patients or physicians but does disrupt service for functions such as supply chain, which can impact patient care.

For hospital and health system CIOs, keeping patient and business data protected and systems up and running are the primary concerns. Any intrusion or data exposure can affect both patient personal health information (PHI) and the organization from a consumer confidence perspective. With this in mind, CIOs should ask these strategic questions when developing their security strategy and framework.

  • Am I keeping up with potential threats? Implementation of technology is of course important, but also consistently ensuring that appropriate functional, administrative, process and physical controls are in place can be even more important.
  • Have I addressed the threat from employees and business partners? The healthcare industry is comprised of many systems that provide access to a lot of people. As such, a thorough assessment of employees and vendors/suppliers and on-going training in protecting the organization is critical.
  • Am I using every opportunity to prepare for “the day”? Use details from past security incidents to improve preparedness going forward to help improve responsiveness and efficiency.

Read the article from HealthData Management