Technology is the driving force behind improvements in modern healthcare, and has the power to transform the quality and reduce the cost of these services. It can also give patients more control over their care, empower carers and support the development of new medicines and treatments.
However, as healthcare providers automate their medical records, clinical systems, and medical imaging, protecting the privacy of patient information and securing IT infrastructures is becoming increasingly challenging.
>See also: Cyber security in the NHS: useless operating systems and legacy
Healthcare organisations are facing a rising number of security threats that risk patient information falling into the wrong hands. In response, countries around the world are implementing new security and privacy laws, alongside heightened enforcement and stiffer penalties.
Yet new healthcare technologies and mobile working practices are producing more data than ever before, and with it more opportunities for data to be lost or stolen. The urgency of addressing security risks in healthcare has therefore never been greater, and will only increase along with the launch of new technologies.
Emerging threats
Since health data is attractive to criminals, it is no surprise that health organisations have experienced a series of highly publicised data breaches. The recent annual healthcare data privacy and security survey from the Ponemon Institute found that, despite the healthcare industry experiencing its worst year in history for data breaches in 2015, there’s been no giant leap forward in terms of tightening up data security.
According to the report, 89% surveyed said their healthcare organisations had experienced a data breach in the prior two years. And nearly half of them (45%) had seen more than five breaches. In 2015, 112 million medical records were breached in the US alone. Ransomware in particular is becoming a more prevalent threat actor.
>See also: Why the healthcare industry badly needs a cyber security health check
It’s no surprise therefore that IT security professionals in the European healthcare industry have a difficult job to do. Every day they face the seemingly impossible task of delivering on two opposing goals: enabling the connectivity and transparency that power digital healthcare, while maintaining strong barriers to protect data, devices and networks from data breaches and cyber-threats.
This challenge is made even harder because digital healthcare allows ever more non-security trained medical staff to access and share confidential patient data. New security vulnerabilities are opening up everywhere and, if left unprotected, will quickly be exploited by cyber-attackers.
Better and more accessible treatment
A number of industry analysts have observed that increased accessibility of treatment is one of the most tangible ways that technology has changed healthcare. The number of tools to track patient health data has exploded in recent years, powered by the cloud and enabled by the ubiquity of smart mobile devices and online storage.
Mobile-based tools increase the quality of care for patients, give patients the ability to better understand and manage their own health, and provide better outcomes at a lower cost for healthcare professionals.
In addition, the introduction of wearable technology, such as FitBit and Nike Fuel Band, provides medical professionals with the data they need to effectively treat their patients on a day-to-day basis. But as with mobile technology, wearable sensors introduce risk as well as reward. Organisations must consider where and how data generated from the sensors is stored.
>See also: The future of IT in the healthcare sector
The emergence of these technologies is fuelling the trend towards preventative and out-of-hospital care. Butcomplex regulatory concerns and patient care priorities affect the speed with which technology can be adopted and implemented in the healthcare industry.
The growing digital health industry also encourages the free movement of medical data with the objective of advancing clinical understanding. This can range from patients submitting personal information by app or wearable device to doctors sharing new forms of data such as genetic records.
Safeguarding healthcare data
Hospital technology is evolving quickly. Laptops and mobile devices are proliferating both inside and outside the hospital—as are interconnected medical devices that, increasingly, operate on common IT platforms and are susceptible to the same security risks as traditional IT devices. This rapid pace of a change means that hospitals are under pressure to maintain numerous isolated IT assets.
Any organisation that seeks to leverage mobile and cloud technology for its patients and employees must take great care to ensure that security, privacy and regulatory concerns are being addressed.
The reason why the number of breaches persists is that the culture of hospitals is to focus on the patient – as it should be. But the problem is that there is a widespread lack of accountability in the healthcare system for protecting data.
>See also: Can the cloud save the NHS from a data breach epidemic?
Healthcare providers and their IT security teams need to implement sophisticated, high quality protection that will allow them to manage and protect this data. Not just for the sake of ‘tick-box’ compliance, or to avoid a fine and embarrassing reputational damage, but because doing so will ensure that they and their patients can reap the many rewards of advanced digital healthcare, confident in the knowledge that data, devices and networks are secure.
One of the greatest opportunities of the 21st century is the potential to safely harness the power of the technology revolution. In doing so, we can meet the challenges of improving health and provide better, safer, sustainable care for all.
Sourced by David Emm, principal security researcher at Kaspersky Lab
The UK’s largest conference for tech leadership, TechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here