Keeping Your Healthcare Data Secure – What You Need to Consider
Reanna Gutierrez  |  June 06, 2017

The healthcare IT market is expected to double — reaching a projected $280 billion by 2020. The federal portion of national healthcare spending, according to the Federal government, will grow 86%, from $920 billion in 2015 to $1.7 trillion by 2025. Deltek's Federal Health Information Technology Market report states that as the need for improvements in healthcare quality, interoperability and privacy grows, federal agencies acting as payers, promoters and providers will continue to invest in technologies and solutions to improve health outcomes and reduce waste, fraud and abuse.

Electronic patient records, new healthcare applications, connected medical devices and regulatory/compliance changes, such as the HITECH Act, MACRA, and the 21st Century Cures Act, are making it easier for doctors to share patient records, affect patient outcomes and increase the quality of care, but are also contributing to an explosion in healthcare data. Top federal health IT areas of focus include data standardization, data integrity, information exchange, interoperability, analytics, storage, infrastructure modernization, legacy system modernization, cloud adoption, telehealth and mobile applications.

This rapid growth is enabling innovation and changing patient expectations, but it also poses significant challenges for IT teams trying to meet demand. As government agencies like the VA and DoD move to modernize and digitalize systems, the growth of big data and information sharing is heightening risk.

Healthcare agencies need to not only deliver improved care and patient experience but also ensure that patient data and privacy are protected.

Healthcare IT Threat Landscape

According to the Ponemon Institute, the top cyber threats for healthcare organizations in 2016 were ransomware, malware, and distributed denial of service (DDoS). Many cybersecurity experts consider ransomware the fastest-growing threat across all industries, but healthcare organizations are especially vulnerable due to their need for uptime and willingness to pay.

In 2016, we saw a record number of attacks on healthcare organizations, such as Bon Secours and Hollywood Presbyterian, and so far 2017 is following suit.

Other threats include:

  • Medjacking: The Hospira insulin pump and St. Jude cardiac devices are examples of how hackers could take advantage of medical devices with security vulnerabilities.
  • The Internet of Medical Things: From wearable patient devices to remote monitoring apps, more endpoints are connecting to healthcare networks. Each represents a new potential entry point for hackers.
  • Insiders: The majority of data breaches are caused by compromised accounts, and IT professionals need to pay attention not only to malicious insiders but also to risks resulting from human error.

Combating Healthcare Threats

Healthcare IT must design a plan that takes a holistic approach to data security and combines technology, people and processes.

  • Follow Industry Standards: The NIST Cybersecurity Framework, a set of standards, guidelines, and best practices created through a collaboration between industry and government to promote the protection of critical infrastructure, is a good starting point for government health IT.
  • Institute Workforce Training: There also needs to be more emphasis on workforce training. Training on current threats, including how to spot malicious links and detect phishing attempts, has been proven to significantly reduce this common threat.
  • Update Legacy Technology: Legacy technology is among the biggest challenges for government healthcare IT. Organizations need to find and patch all vulnerabilities resulting from applications and systems that are no longer supported and make a plan to update and modernize technology where feasible.
  • Employ Encryption: All data should be encrypted, whether at rest or in motion. The Denton Heart Group breach is a case in point: an unencrypted hard drive that contained seven years of backup electronic health record data was stolen, exposing over 200,000 patient records.

Creating an IT Healthcare Plan

Today's healthcare CIOs must balance stringent security and privacy regulations with a need to meet consumer demands and provide an excellent patient experience. As healthcare IT leaders depend on technology investments to modernize the healthcare experience and differentiate their organization, they must not lose sight of security concerns.

OneNeck IT Solutions is committed to helping our customers support best practices, mitigate costs, improve service levels and meet industry compliance regulations. Our experts have a broad degree of experience working with healthcare organizations to improve efficiency and agility while providing the highest level of protection for healthcare data.