The recent institutional support for EHR and the proliferation of data accessing devices in the healthcare industry present both significant opportunities and threats. This “data-ization” of health has numerous consequences, not the least of which involves the ushering of Big Data to healthcare. With EHRs, telehealth, and IoT medical devices constantly generating patient data, the hope is that eventually the data can be leveraged to optimize machine learning algorithms that will significantly enhance care decisions.
We are a long way from truly integrating Big Data utilization in healthcare, but given the large role that data does and will continue to play in health care, it’s only fair to wonder what steps health care organizations can take to safeguard their data.[i] While big data can yield significant potential boons, it can only realize its benefits if stakeholders are willing to fully engage in the technological transfer. That will not happen in the absence of data security.
The Age of Cyberattacks
According to a 2016 report by the Ponemon Institute, healthcare facilities have been victims of one cyber-attack per month, and that half of all healthcare facilities “have experienced the loss or exposure of patient information.” A further quarter of healthcare facilities reported being unsure whether they have lost patient data or not.[iii] Organizations that find themselves the victims of cyber attacks may lose considerable sums of money to ransom, delays in operations, and loss of reputation.[iv]
Cybersecurity threats that are the most common include malware that may expose or steal sensitive patient information, including financial details, as well as ransomware, a type of malware that blocks user access to data or threatens exposure of data unless a ransom is paid. These attacks primarily favor systems that have not been properly maintained. The structure of today’s multi-stakeholder healthcare system is also expected to dilute security, as the number of entry points for cyber attacks increases with each participating actor.
What can health organizations do to prepare for these attacks?
Among the viable security options are to increase user access security through multi-factor verification and device security, or BYOD (“bring your own device”) security, as the frequency of use of personal mobile devices and PCs in care increase to meet the demands of telehealth.[v] Additionally, security of the actual patient data may be economically relegated to a third-party IT security firm. The security needs of EHR increasingly encourages centrality, in which the administrative and management expertise of healthcare organizations can allocate funds to address cybersecurity concerns across a variety of independent, certified providers.
As malicious use of private information and the extensiveness of data’s role in healthcare increases, so will the financial incentive of targeting healthcare organizations with malware. Experts foresee attacks, girded by machine learning algorithms, to increase in frequency and sophistication. It is essential for healthcare providers to protect both themselves and their patients.