On March 1, several issues remained with me as I left Las Vegas and the HIMSS18 Global Conference & Exhibition, but one in particular stuck: the central, recognized role of cybersecurity threats in healthcare.
Cybersecurity in Healthcare
Here’s briefly what we know we know about healthcare, privacy and security:
- HIPAA covers patients’ personal health information that is held by covered entities and shared with contracted business associates
- HIPAA does not cover patient-generated data that is created outside of those relationships, such as information that comes from wearable technologies and mobile apps outside of “healthcare” settings, or data posted on social networking platforms
- Health information is more highly valued by cyber-attackers, as it is worth more than, say, consumers’ bank account or credit card identities
- Cyber breaches are a new normal in healthcare
Note that the 2018 HIMSS Cybersecurity Survey found that nearly 76 percent of healthcare organizations had a significant security incident in the past 12 months. Over one-third of these breaches came from online scam artists using tactics like phishing, 21 percent were caused by negligent insiders, and 20 percent by hackers on the outside.
On the inside, healthcare organizations say the biggest barriers to remediating cybersecurity incidents are lack of appropriate personnel (among 52 percent), lack of financial resources (for 47 percent), and too many application vulnerabilities (among 29 percent), among other threats to successful mitigation and prevention.
Finally, 52 percent of healthcare organizations do security awareness training annually. Only 30 percent conduct such training on a monthly basis or more.
What’s Next for Healthcare Cybersecurity
Most healthcare organizations intend to increase resources allocated to cybersecurity in 2018, according to the Center for Connected Medicine survey published in December 2017, shown in the second graphic from the report.
Looking to 2018, a study from Merlin and The Ponemon Institute forecasts that patient information will be even more at risk this year than last year.
“Hospitals and payer organizations (healthcare organizations or HCOs) are facing constant, increasingly destructive cyber-attacks,” Merlin and Ponemon attest. Among the five industries they tracked, healthcare accounted for one in four total breaches in 2017, exposing over 5 million patient records.
The key takeaway, after all the talk and demos presented at HIMSS18 about artificial intelligence and machine learning, population health and revenue cycle management best practices, is that consumers’ underlying, gut-level trust in the healthcare system is under siege by bad actors targeting both healthcare data and people’s social, retail and financial information.
The healthcare industry must be mindful of this emerging consumer reality, allocating resources to cybersecurity defenses, staff education and awareness, and patient engagement to engender trust and faith in their providers’ data stewardship.