With cyber threats on the rise, healthcare security systems must keep pace in order to best protect patient data, as well as their own clinical information.
One of the best ways to do that is with organizations working together and communicating strategies to one another, according to Lynne Dunbrack, research president of IDC Health Insights. Dunbrack authored the recent IDC “Business Strategy: Thwarting Cyber Threats and Attacks Against Healthcare Organizations” report, and discussed the findings with HealthITSecurity.com.
“You’re as strong as your weakest link,” Dunbrack said. “It means you’re sharing data more and there are more opportunities for data breaches if it’s not well-secured. There is a balance that healthcare organizations need to seek.”
With more medical records being moved into EHRs and more facilities using health information exchanges (HIEs) and other innovations, it’s crucial for organizations to balance healthcare security with new technology. As facilities make investments, they also need to ensure they have the appropriate business associate agreements (BAAs) in place, Dunbrack said. Moreover, it’s important to monitor risk assessments and to ensure that all covered entities and their connected business associates (BAs) are complying with HIPAA privacy and security requirements.
From there, healthcare organizations should consider investing in predictive analytics tools, she explained.
“You need to take all the data you’re getting from security devices and appliances and look to see where there’s changes in network behavior,” Dunbrack said. For example, if there is an employee who typically works 9-5, but there is suddenly a lot of network traffic from that individual at odd hours, then the healthcare organization should investigate.
“[Healthcare organizations] need to monitor and predict where the next breach could happen,” Dunbrack said, “and also have an understanding of what’s normal, what’s abnormal. They’re using devices for a lot of data. By using big data in deeper analytics [they can] see where a potential breach may be going on.”
The IDC report did show that healthcare organizations are aware of cybersecurity threats, and many are taking steps to implement better security measures. Approximately 60 percent of healthcare executives increased their spending on cyber threats, the report found, while 38 percent stated that their cybersecurity spending stayed the same over the last three years.
Coming together to move forward
Healthcare’s future can be a positive one if organizations are willing to work together when it comes to cybersecurity, Dunbrack said.
Cyber criminals are not only well-funded, but they share information with one another. Attackers disclose how to get into various systems and how to extract the data, she said. Healthcare organizations must be willing to do the same in terms of threat intelligence.
“The industry needs to come together in order to protect themselves from cyber attacks,” Dunbrack said, adding that this is especially critical to preventing medical identity theft.
The largest form of identity theft is around the medical industry, she said, and it is especially difficult for hospitals to separate the faulty information from the truth. If an individual’s medical information has been paired with that of a cyber attacker, it presents a health risk along with a financial one.
For example, a patient’s allergy information could be overwritten. From there, the wrong medication could be prescribed. It’s very expensive and time consuming to unravel that thread, according to Dunbrack.
However, retailers have started to come together after several high-profile, high-volume breaches – i.e. Target and Home Depot – Dunbrack said. If healthcare organizations start to do the same, and are able to learn from one another, it will be easier to protect themselves and their patients’ data from cyber attacks.