Is safeguarding data the pre-eminent challenge in the rapidly changing world of healthcare IT?

Healthcare technologies and mobile working practices are producing more data than ever before, so there are more opportunities for data to be lost or stolen.

Technology is the driving force behind improvements in modern healthcare and better use of technology has the power to transform the quality and reduce the cost of health and care services. It can also give patients and citizens more control over their care, empower carers and support the development of new medicines and treatments.

However, as healthcare providers automate their medical records, clinical systems, and medical imaging, protecting the privacy of patient information and securing IT infrastructures is becoming increasingly challenging. Healthcare organisations are facing an increasing number of security threats that risk patient information falling into the wrong hands. In response, countries around the world are implementing new security and privacy laws for healthcare, alongside heightened enforcement and stiffer penalties.

The problem is that new healthcare technologies and mobile working practices are producing more data than ever before. And with it, there are more opportunities for data to be lost or stolen. The urgency of addressing security risks in healthcare has never been greater.

Emerging threats

Since health data is attractive to criminals, it is no surprise that health organisations have experienced a series of highly publicised data breaches.  The recent annual healthcare data privacy and security survey from the Ponemon Institute found that despite the healthcare industry experiencing its worst year in history for data breaches in 2015, there’s been no giant leap forward in terms of tightening up data security.

According to the report, 89 per cent of leaders surveyed said their healthcare organizations had experienced a data breach in the prior two years. And nearly half of them (45 per cent) had seen more than five breaches.  In 2015, 112 million medical records were breached in the US alone. Ransomware in particular is becoming a more prevalent threat actor.

In fact, IT security professionals in the European healthcare industry have a difficult job to do. Every day they face the seemingly impossible task of delivering on two opposing goals: enabling the connectivity and transparency that power digital healthcare, while maintaining strong barriers to protect data, devices and networks from data breaches and cyber-threats.

This challenge is made even harder because digital healthcare allows ever more non-security trained medical staff to access and share confidential patient data.  New security vulnerabilities are opening up all over the place and, if left unprotected, will quickly be seized on by cyber-attackers.

Better and more accessible treatment

A number of industry analysts have observed that increased accessibility of treatment is one of the most tangible ways that technology has changed healthcare.  The number of tools to track patient health data has exploded in recent years, powered by the cloud and enabled by the ubiquity of smart mobile devices and online storage.

Mobile-based tools increase the quality of care for patients, gives patients the ability to better understand and manage their own health, and provides better outcomes at a lower cost for healthcare professionals.

In addition, the explosion of wearable technology, such as FitBit and Nike Fuel Band, provides medical professionals with the data they need to effectively treat their patients on a day-to-day basis. As with mobile technology, wearable sensors introduce risk as well as reward. Organisations must consider where data generated from the sensors is stored and how it is stored.

The emergence of these technologies is fueling the trends towards preventative and out of hospital care. But complex regulatory concerns and patient-care priorities affect the speed with which technology can be adopted and implemented in the healthcare industry.

The growing digital health industry also encourages the free movement of medical data with the objective of advancing clinical understanding. This can range from patients submitting personal information by app or wearable device to doctors sharing new forms of data such as genetic records.

Patients may have to be convinced, however, because so far the healthcare provider industry has not proved an entirely trustworthy custodian of digital medical records.

Safeguarding data

Hospital technology is evolving quickly. Laptops and mobile devices are proliferating both inside and outside the hospital—as are interconnected medical devices that, increasingly, operate on common IT platforms and are susceptible to the same security risks as traditional IT devices. This rapid pace of a change means that hospitals are under pressure to maintain numerous isolated IT assets.

Any organisation that seeks to leverage mobile and cloud technology for its patients and employees must take great care to ensure that security, privacy and regulatory concerns are being addressed.

The reason why the number of breaches persist is that more often than not the culture of hospitals is to focus on the patient, as it should be. But the problem is that there is a widespread  lack of accountability in the healthcare system for protecting data.

Healthcare providers and their IT security teams need to implement the sophisticated, high quality protection that will allow them to manage and protect this data.  Not just for the sake of ‘tick-box’ compliance or to avoid a punitive fine and embarrassing reputational damage, but because doing so will ensure that they and their patients can reap the many rewards of advanced digital healthcare, confident in the knowledge that data, devices and networks are secure.

One of the greatest opportunities of the 21st century is the potential to safely harness the power of the technology revolution, which has transformed our society, to meet the challenges of improving health and providing better, safer, sustainable care for all.