Why Does Healthcare Suck at Protecting Stuff?

It’s still happening. And I don’t foresee it letting up anytime soon.

It’s still happening. Despite all of the healthcare data breaches that occurred in 2015, which gave it the name of the “Year of the Healthcare Hack”… it seems that we may be looking into changing that title into a period… a time period to be more exact, as in the “Years of the Healthcare Hacks”. It’s a shame that the healthcare administrators, care providers, and IT teams need to be coming together to work on the governance and auditing of their IT security policies that can help protect not only the protected health information of the patients, but also any information that could put the organization at risk! It’s not just about protecting social security numbers, credit cards, and other sellable information; it’s also about protecting the trust and integrity of any patients currently within the organization, as well as the trust of any potential patients. An organization thrives on its consumers, and any organization that isn’t taking measures to ensure a steady flow of consumers would fall to its knees. Especially in healthcare, where, unfortunately, there is also a stream of consumers leaving the organization in more morbid manners, it’s even more important to ensure that they patch any holes to prevent consumers from leaving unnecessarily.

Now, I realize that it’s unfair and not very apt to be talking about the patients as consumers, but from an administrative and IT security standpoint, that’s what they are! Although I don’t necessarily view medicine and healthcare organizations as strictly a business, it’s the business portion of the organization that allows it to keep running and providing care to all of those who need it. If the proper measures aren’t being taken to ensure consumer satisfaction, with the necessary caveats of course to prevent abuse, then more and more healthcare organizations are going to bleed money, which can eventually lead to downsizing and shutting down departments that simply aren’t creating a profit.

On the other hand, from a medical standpoint, it’s necessary to be protecting healthcare information in order to provide the most effective care. When a patient comes into the room, it’s important that they can put their full trust in the care provider. It’s important that they are able to lie down on the examination bed, and not have to fiddle with the thin disposable paper sheets in anxiety because they’re worrying about how their healthcare organization was hit with a massive data breach. It’s worrisome not only to the patient, but also to the healthcare provider, because they may not be able to diagnose and figure out the problems if the patient is holding back information for fear of it being disclosed in a breach.

In a report by the Institute for Critical Infrastructure Technology in January 2016, it was found that healthcare was the most targeted sector of the 16 critical infrastructure sectors. Now, that doesn’t necessarily mean that healthcare is the most profitable per se; the reason it is the most targeted sector is that it’s the most vulnerable. The security standards are years behind, and policies are not upheld and enforced. It’s a very difficult situation because it also requires a delicate balance between the availability of the data and the privacy and security of that very same information. You can’t simply leave information available, and you can’t simply lock it down either. In fact, that report goes on to say that, “since 2009, the annual number of cyber-attacks against the healthcare has drastically increased; often the number of attacks exceeds the previous year’s count by at least 40%”.

Cybersecurity is still a new area in healthcare, and as a result, it’s in a “dark age” where it just has to keep getting hammered until organizations realize that they have to make changes! Despite having the resources, like people, technology, and budget, many organizations still haven’t realized the necessity of making cybersecurity a higher priority. I think that with the shift into big data analytics and data science within the healthcare sector, primarily through clinical and healthcare informatics, there’s another security concern about how to protect and secure internal and external data, while allowing it to be used in more collaborative ways to help drive business decisions and create insight. Now, the security concerns aren’t new; it’s just that with more and more data being generated, it becomes necessary to protect it through multi-level protection schemes, similar to the defense-in-depth method used for networks.

It’s not just about controls; IT governance and auditing also need to happen to ensure that the policies and controls are kept updated and effective against current and potential threats to security. However, with the increasing amounts of data and information involved, data audits will be difficult to maintain, and the entire data cleaning process might be overlooked when it comes to being consistently monitored and tracked. As a result, it’s important that organizations take on the responsibility and obligation to protect the personal information entrusted to them, regardless of the source medium and how it is processed. It’s a vital factor not only for all the members of the organization, but also for trust in the patient-organization relationship.

In the end, maybe it’s just a phase we all have to go through? Maybe it’s like when we were in middle school and the “that’s what she said” jokes were all the rage. Maybe healthcare just HAS to go through this stage, and we can’t do anything about it. It’s a shame that the industry sector has to get slammed so hard just for people to start realizing, “hey, maybe I should add a firewall onto the network so that it can protect the potential hundreds of millions in patient information?”

When I was talking about this topic during a final project in my IT Governance and Auditing class, someone chimed in, almost in a “smart-alec” tone, and asked “then why does healthcare need to use data? Why not just use all internal information with that hospital?” While that is a valid concern, it’s the benefits of big data that can help us analyze and determine where inefficiencies and opportunities lie, not just within the hospital itself but also within the entire healthcare organization. It can be used to help improve efficiency and to provide an easy way to analyze and visualize what is going on within the business with visualization models and reports. One way to do this is through a data storage solution; one such method is a data lake. These can benefit organizations by revealing actionable insights in healthcare through patient care interventions and satisfaction scores, and by helping deliver affordable yet higher quality care. Combining the information could help reduce barriers to information sharing, a problem that has plagued health IT in general because of the difficulties in information exchanges for electronic health records. Some say it’s a phase, but I wanna rename it as the puberty of healthcare: it’s all of the shameful crap that healthcare is facing, but unfortunately, it’s also the unavoidable embarrassment that has to come with it. *sigh*

Article by Sir. Lappleton III

I'm a happy-go-lucky college student who started a blog as a way to not only document my education and my experiences, but also to share them with whoever stumbles upon my site! Hopefully I can keep you guys entertained as well as learn about a few things from IT as well as from my time and experiences as I plunge deeper and deeper into healthcare! A couple of my areas of focus are data management, system security (cyber security), as well as information technology policy.