HealthCare Business News

Connected, digital and vulnerable—the state of our healthcare information

Five tips to create a holistic cybersecurity plan for your organization


May 01, 2018
By Tim Peeler

We are living in a connected and digital world, where the ability to access information and communicate is always at our fingertips. From mobile banking to social media and even ride sharing, we are generating more and more personal data every day.

Although many may not consider where that data goes or who has access to it, one exception is healthcare. Thus, attending to a patient’s personal information has become just as important as attending to their health and well-being.

Healthcare has become more data driven than ever before, and that’s a good thing. This new reality is being fueled in part by the fact that patients want to be more digitally connected with the hospitals and doctors that care for them.

An Ernst & Young survey released at HIMSS 2018 found that 54 percent of patients are comfortable communicating with their healthcare providers digitally. It also found that they are open to using other technologies, including: at-home diagnostic testing (36 percent); smartphones or connected devices to share information (33 percent); and video consultations (21 percent).

Without a doubt, technologies such as data analytics are revolutionizing healthcare by improving efficiencies in workflows and delivering deeper insights that drive patient care. The ability to paint a bigger picture is wonderful, but it relies heavily on the amount of patient information that is fed into the system and where that data comes from.

The key to all of this is interconnectivity. While technology is definitely improving the patient experience and outcome, it also presents real challenges for healthcare organizations. For many, investing in data protection and the ongoing attention required to stay up-to-date with the latest security information is daunting.

Consider the fact that patient data is more lucrative for hackers than your credit card number, according to Larry Ponemon, founder of the Ponemon Institute. From electronic medical records, to mobile health apps and even medical imaging, patient data is generated from an increasing number of sources. While the speed and ease at which patient information is accessed and shared among healthcare providers can be a real advantage, it does make us vulnerable to cyberattacks.

The reality is that cyber threats are rapidly increasing in number and complexity which, in turn, cost healthcare organizations more than $12 million in 2017, according to a 2017 study by Ponemon Institute and Accenture.

So what can healthcare providers and organizations do to protect their patients and themselves from unwanted cyber intruders? Here are five key strategies for establishing a holistic cybersecurity plan.

Don’t go it alone. It’s imperative that you work with all involved parties to ensure they are as committed to data security as you are. From hospitals to practitioners, and labs to insurance companies, all those included in this complex ecosystem must be active participants protecting data.

There are multiple points of entry for any given cyberattack and your job is to ensure that every connection between your patient’s data and the outside world is controlled and secure. The more interconnected people, data and organizations are, the higher the risk. Ensure that the only applications running on your systems are secure and approved. There are many links in the chain, and you are only as strong as your weakest link.

Adopt the Risk Management Framework (RMF). RMF is a set of standards developed by the National Institute of Standards and Technology (NIST) and is mandatory for federal agencies and the organizations working with them.

Risk management is progressive, proactive, and focused on synergistic solutions, because it’s based on formal frameworks and methodologies. RMF is the best way to protect data, but it only works if everyone in the ecosystem is adhering to the standard.

One of the biggest challenges in managing the security of your ecosystem is the fact that not everyone follows RMF guidelines (the industry gold standard) to the full extent. If your partners are not RMF compliant, they represent that weak link.

Per RMF, your system and any system that connects to you should be tested on a regular basis to ensure they are up to date on the latest threats and preventions. Establish a cybersecurity task force to regularly test systems and participate in industry conversations.

For example, Canon Medical Systems is an active participant in the FDA-recommended community www.nhisac.org. Here you will find cybersecurity experts from across the industry sharing information on potential risks and vulnerabilities, as well as tactics for defending against them.

Invest in medical imaging equipment that minimizes security vulnerabilities. Look for systems that feature properly configured endpoints that deploy scalable protection against zero-day and advanced persistent threats. For example, at Canon Medical Systems we created InnerVision Plus, which through its network firewall features, provides 1:1 IP translation to isolate and protect the equipment on your network before imaging performance is affected. All of our imaging systems have the option for advanced security capabilities that follow the strict security guidelines of RMF and are authorized as secure by the U.S. Department of Defense.

Focus on the human element of how data is being generated and shared. In many cases, hackers take advantage of simple human errors. Take, for example, the number of times we’ve seen major data breaches occur when someone in the chain opens a suspicious email or downloads an unverified app.

We leave digital footprints everywhere and it’s crucial that healthcare organizations take the time to educate their staff, patients, vendors and partners on the best way to protect us all.

Develop a response plan and be proactive by putting measures in place now, rather than waiting for an attack to occur. This will make a tremendous difference in the scale and impact that an intrusion will have on you and your entire ecosystem.

Every healthcare organization should establish a cybersecurity task force to assess or put into place the processes, people and tools needed for data protection. A major key to the success of this group will be the ability to identify and isolate attacks, as well as understand security requirements as they change. You must always remain vigilant.

One of the things that we are most proud of at Canon Medical Systems is the fact that we’re always pushing ourselves to evolve in parallel with society and the technology around us, while understanding the associated risks. As connectivity, digital health solutions and the sophistication and frequency of cyberattacks grow, I hope you will take time to evaluate your vulnerabilities and address them.


This article is reprinted with permission from HealthCare Business News.