Digital security has become more important in the eyes of the general public, thanks in part to major events like the Equifax data breach, which made the personal information of 143 million Americans vulnerable. Corporations are scrambling to improve their security infrastructure, hoping to avoid the negative press (and costs) associated with a breach, and governmental organizations are trying to update their tech to avoid similar vulnerabilities.
However, there’s one industry where digital security isn’t progressing as quickly as it should, and it’s time we start paying more attention to it: healthcare.
The increasingly connected world
First, we need to understand how the connected world and constant advancements in technology are leading to more vulnerabilities in the world of healthcare. Healthcare providers all over the world are starting to integrate technologies like wearable devices and remote healthcare to provide better, more comprehensive services to patients. These are generally a good thing, but every new device on the network is a new point of vulnerability, and every new technology from a different manufacturer brings a different set of unknowns.
New regulations aim to improve data security for patients and hospitals alike, but for the most part, the development and deployment of new technologies can outpace the rollout of new legislation regulating them. As our healthcare technology gets more complex and capable of providing better care, it also gets harder to keep private and secure.
The lucrative nature of healthcare data
We also need to acknowledge just how valuable healthcare data can be to a motivated cybercriminal. Healthcare systems need to collect multiple pieces of personal information on their patients, including their names, family history, date of birth, social security numbers, payment information, and of course, their current conditions and ailments. Any combination of these data points could be highly valuable to a hacker, and highly destructive to the patient who had them stolen.
One study found that the electronic medical records of a single individual could be worth up to $1,000. Access a small-time hospital’s vulnerable system with 1,000 records in it, and that amounts to an easy $1 million. Accordingly, hospitals and other medical companies are increasingly becoming targets of choice, even more than payment processors and other financial companies.
This isn’t just hypothetical, either; a string of ransomware attacks has been unfolding in hospitals over the past several years, with costs of up to $6.2 billion a year (and growing).
Health and wellness at stake
It’s worth noting that digital security for hospitals isn’t just about saving hospitals money or protecting the financial interests of the patients seeking medical services. In the near future, wearable devices and medical technology could be so common that a cyber breach could put lives in jeopardy or result in the deterioration of someone’s health. For example, if thousands of patients rely on a piece of tech to maintain their heart rhythm, insulin level, or other vital bodily function, a single cyber attack could immediately put their lives in jeopardy. A particularly malicious person could use this as a method of mass murder, while other cybercriminals could attempt to take a hospital hostage, threatening the lives of thousands of people, unless they receive a massive payment.
On top of everything else, many medical practices are stuck using old, practically obsolete technology, which inherently has more vulnerabilities than a modern equivalent. Nurses and other staff members are using Windows XP or a similarly outdated operating system on devices that were past their prime five years ago. Some are still reliant on paper-based record keeping and methods of communication. Others are adopting forward-thinking strategies, such as the integration of new mobile devices, but without the security standards in place to protect them (like a strict bring-your-own-device policy).
This reliance on outdated technology can stem from any combination of causes. Hospital staff members are typically untrained in the realm of digital security and may be so used to an older procedure that they’re reluctant to change. Many medical practices don’t have dedicated IT or cybersecurity personnel, putting unqualified people in charge of making high-tech decisions. And on top of that, many hospitals simply don’t have the budget to upgrade their systems as frequently or as comprehensively as they should.
Resolving the problem
There isn’t a single or simple solution to uniformly fix this problem, mostly because it’s so multifaceted – and because it’s not prudent to simply halt the introduction of new technology. However, raising awareness of the issue can prompt more healthcare providers, administrators, legislators, and even patients to demand higher standards for medical technology. It shouldn’t take breaches costing billions of dollars to get people to take the digital security of healthcare organizations seriously.