I’ve spoken many times about the state of technology in healthcare, and the wealth of new devices that help make for a more comprehensive treatment experience. For patients and medical professionals alike, it can be easy to revel in these changes that have made monitoring health much easier and less invasive. However, with new technology comes the need to secure it.
The old ways of managing patients were very linear, from patient to provider. All data would be locally managed by carers in a single facility, making it easier to secure. Now, the convenience afforded by mHealth apps, wearables, and more also makes security a somewhat trickier proposition. Furthermore, information shared across multiple providers creates more vulnerabilities that must be addressed by the health community.
For all of the patient engagement benefits of this new technology, trust in the carer is lost if data cannot be protected. The problem arises when medical professionals are eager to embrace technology but not security. That may change in the wake of a stream of ransomware attacks such as WannaCry, malicious software that affected a number of prominent healthcare providers, including Britain’s National Health Service. It is problematic to the point that 89% of healthcare organizations suffered at least one data breach in the past five years.
Employees are one of the main reasons for these breaches. If the wrong email is clicked, it can lead to a system becoming infected and the infection spreading. While it is not possible to fully prevent human error, healthcare organizations should be educating their staff on safe web practices. Even then, it can still be difficult. The Los Angeles County Department of Health Services was targeted in 2016, when emails masquerading as legitimate messages led to the compromise of the data of over 700,000 people.
So, something needs to change. While losing information can damage the reputation of any company, it is even more imperative for healthcare providers that are trusted with particularly sensitive data. Additionally, ransomware attacks have led to companies spending thousands of dollars to retrieve their data; after all, not retrieving it could have even more catastrophic consequences.
As previously mentioned, education is valuable. It is, however, not a solution. Healthcare providers can start by limiting access to data, particularly by third parties. However, given the need to regularly relay data, additional precautions need to be taken when addressing offsite communications.
For that matter, securing email is paramount, considering that this is where 90% of cyberattacks start. Often, once the wrong email has been clicked and an attack has started, damage has already been done even if an organization’s IT department can respond quickly. The key is to focus on data, not devices. A strong security solution should not only secure data that leaves your environment but also protect it at rest. This can be accomplished in part through automated encryption, which protects information sent without employees having to worry about security themselves.
When it comes to anticipating problematic emails, cloud-based analytics can intercept suspicious URLs and files based on data from previous attacks and allow professionals to pinpoint their origin. Employees will never be able to perfectly assess the emails that they receive, but these systems can screen against patterns that they cannot detect.
A huge part of patient engagement hinges on patients being confident and comfortable with their carers. An organization should keep patients safe physically, but now, protecting their data has become more important. By researching and implementing cybersecurity plans, healthcare organizations can work to ensure that the next generation of medical devices and apps are as safe as they are functional.