More than ever, companies throughout the world rely upon digital data storage to efficiently operate and compete in the digital age, making cybersecurity of the utmost importance. In this article, Medical Doctor and Health Informatician Joel Arun Sursas discusses cybersecurity in the healthcare industry.
Cybersecurity involves employing several techniques to protect computers, networks, and data from unauthorized sources that seek to illegally obtain access to the aforementioned items and exploit the information, often for monetary gain.
In the past decade, cyberattacks have dominated global headlines, damaging the reputation of several prominent businesses and putting consumers' personal information at immense risk. Notably, in 2017 Equifax, one of the largest credit monitoring agencies in the United States, experienced a sizable data breach that exposed personal data for 147.7 million Americans. In 2013, Cyber attackers set their sights on the colossal retail chain Target and accessed 41 million customers' credit card details.
Let us not forget the infamous cyber incident in 2014 when Sony Pictures Entertainment suffered a devastating hack. The fallout included the exposure of employee social security numbers and the utter shattering of the company's digital infrastructure, causing employees to revert to fax machines for months.
Those at the top of the corporate structure were not spared as the attack led to the dismissal of the chairman of SPE's Motion Picture Group, partially due to the questionable nature of the leaked emails.
It cannot be stressed enough; businesses, regardless of reputation or size, remain vulnerable to nefarious intrusions, and the health industry is absolutely no exception. According to the 2019 Annual Breach Barometer Report, over 15 million patient records were exposed as a result of over 500 healthcare breaches. Additionally, Verizon's 2018 Data Investigation Report concluded that healthcare is the most vulnerable industry to cyberattacks and accounted for 24% of breaches investigated. Given the sensitive nature of the data playing field and the growing concern among consumers, it's critical to understand the challenges of protecting medical documents as well as the most effective strategies available to keep the information safe.
Depending on the size of the medical firm, the role of Information Technology (IT) may be in-house or outsourced to a third party. The American Medical Association reported that approximately 25% of physicians outsource security management and, therefore, heavily rely upon health IT enterprises to prevent cyberattacks. Either way, the security practices implemented are only as good as the repute, skill, and knowledge of the individual or company. Therefore, health organizations should allocate a significant portion of their annual budget to IT.
Apart from budget constraints and capable cybersecurity professionals, the most common challenge inflicting data protection is "phishing" attacks. This type of strike targets ill-informed individuals by sending sham emails from presumably reputable sources. Typically, the emails aim to coerce sensitive information or trigger malicious software (aka malware). Therefore, to reduce risk upfront, the IT department should educate employees on how to recognize and report suspicious emails.
If computers linked to the office network become infected with malware, it's possible the servers and the entire infrastructure could be shut down. In certain scenarios, the state of the network may even be held for ransom by the cybercriminals.
Another common issue of cybersecurity is encryption or lack thereof. Anemic encryption is often untested and out-of-date and therefore provides minimal defense. It's crucial to keep encryption software and practices current; otherwise, it's easier for hackers to locate and exploit weaknesses or blind spots.
According to Health Informaticians like Joel Arun Sursas, health care organizations should view cybersecurity as an essential aspect of patient care. To reduce the risk of breaches, Dr. Sursas recommends implementing the following practices.
First and foremost, health organizations need to establish a culture that embraces proper cybersecurity techniques. After all, cybercriminals typically target individuals first due to their unsuspecting nature. A work environment resilient to cyber threats is achieved through education, such as annual training courses or quarterly webinars that cover a variety of topics, including passwords, phishing, and ideal computer habits.
It almost goes without saying, but tried-and-true defenses such as firewalls, up-to-date anti-virus software, and encryption are essential to maintaining security protocol. While these techniques may appear obvious, if left unattended, they could result in a devastating attack.
Also, as data sharing amongst clinicians increases in importance, oversight of network access by device and location must be performed with extreme caution. Not only do medical professionals retrieve and add to patients' medical records over a shared network, but it's also commonplace for patients to review their health results such as blood tests remotely via a digital profile. While the latter is most likely overseen by third party software, health organizations can limit network access to vetted devices and scrutinize any peer-to-peer applications before they're installed.
Finally, clinical care providers should consider employing informatics professionals who are highly trained to chaperon data collection, management, and protection.
Protecting patient data is not always clear-cut, especially in an industry that lacks ubiquity and is overwhelmed with antiquated software. Because the truth is: the challenges and strategies described above are only the tips of the iceberg. However, both independent clinics and national health organizations can prevail against cyber threats if they heed the mistakes that have come before and proceed with due diligence and action.
About Joel Arun Sursas
Joel Arun Sursas is a Medical Doctor and Health Informatician motivated to solve administrative problems in healthcare. His determination to work tirelessly to bridge the gap between doctors and engineers is resulting in medical technology solutions that improve patient outcomes, enhance monitoring, and protect patient privacy. Dr. Joel Arun Sursas is an effective communicator who facilitates the achievement of team goals.