There’s no disputing that upon implementing, physicians, nurses, and hospital administrators will be able to store and access patient information more easily than before. Although such an approach enables them to develop treatments for specific customers, IT professionals and government officials believe care facilities need to improve their security before progressing to the cloud.
A number of cloud solutions offer expanded data protection; however, the current state of many electronic health records systems is lackluster, at best. Data flowing between hospital PCs and mobile devices opens new avenues — creating an environment hackers could potentially exploit to steal sensitive personal health information.
An official security warning
According to Reuters, the Federal Bureau of Investigation recently informed health care providers their cyber-security infrastructures were unsatisfactory compared to other industries. Although cyber criminals have been known to attack the retail and financial sectors, they could also use electronic records containing insurance and payment information to gain access to bank accounts, personal addresses, phone numbers, and other data.
Reuters obtained a private notice sent to hospital administrators criticizing their lax network defense programs. Issued earlier this month, the memo did not mention the Healthcare.gov breach, which has been criticized by professionals for numerous security flaws. It further implored recipients to contact the FBI in the event any breaches occurred.
The source stated that criminals typically favor health care information because it takes longer for victims to realize that any intelligence has been stolen. Although they often don’t leverage the information itself, hackers often sell such data on the black market. To deter infiltration attempts, some hospitals have invested in cloud infrastructure featuring applications that encrypt data as it flows through the networks.
Breaches are ubiquitous, but aren’t huge
In light of numerous successful infiltration attempts in the retail sector, telecommunications company Verizon recently conducted a study to determine how often different industries experienced data breaches and measured the severity of those attacks. In regard to the health care market, the 2014 Data Breach Investigations Report showed that 23 breaches occurred worldwide, with 6 of them labeled as “small,” 1 of them as “large,” and 16 as “unknown.”
The study also found that 46 percent of the data infiltration attempts were successful due to information loss or theft. Insider misuse accounted for 15 percent while publishing errors and inappropriate disposal methods rang in at 12 percent. The DBIR claimed that preventing unauthorized users from viewing the data will help protect patient information.
“Encryption is as close to a no-brainer solution as it gets for this incident pattern,” detailed the report.
So what’s preventing hospitals from implementing such measures? CIO contributor Brian Eastwood wrote that health care professionals often find it difficult to measure the return on investment of Big Data security — and of encryption techniques in particular.
He further noted that although Symantec’s 2014 Internet Security Threat Report claimed that 37 percent of all data breaches originated from treatment centers, the Health Insurance Portability and Accountability Act (HIPAA) requires these facilities to disclose every breach involving more than 500 individuals.
Based on Verizon’s and Symantec’s reports, it’s clear that health care professionals must do the following:
- Invest in architecture that can be readily accessed by employees but can still deter cyber-attacks.
- Train personnel on how to properly interact with environments containing private patient information.
- Prevent insider misuse from persisting.
- Either hire or create IT teams dedicated to monitoring all network and server activities.
- Consider making an initial down payment on advanced technology such as or data analytics.
To avoid missing out on the advanced computing technologies other professionals are capitalizing on, health care providers must ensure they don’t sacrifice security in the process.