Privacy & Security
When it comes to cybersecurity issues, many in the healthcare industry likely recognize the importance of protecting patient medical data.
However, as Fairview Health Offices Chief Information Security Officer Judy Hatchett and Proofpoint managing director of health practice Ryan Witt pointed out in a recent HIMSS20 Digital presentation, cybersecurity is also about protecting patients themselves.
"'Do no harm' is a principle that I know … providers hold dear," said Witt in his talk with Hatchett, Why Cybersecurity Is a Core Component of Patient Safety. "Patient safety is a component of that."
Witt, a HIMSS Cybersecurity, Privacy & Security Committee member, explained that security and data breaches can lead to service outages at healthcare facilities, which in turn can compromise patient health in a real way.
When a facility has "downtime as a result of a cyberattack, almost by definition you are doing your patients harm," Witt said.
According to a 2019 American Medical Association-Accenture Medical Cybersecurity Survey, 36% of health institutions were unable to provide care for at least five hours as a result of cyberattacks.
"Any sort of cybercriminal activity that drives downtime, that interrupts your system ... is potentially impacting patient care," Witt said.
Hatchett and Witt said that the majority of cybercrime occurred using phishing – with bad actors often impersonating trusted contacts like the Centers for Disease Control and Prevention, the World Health Organization, and others.
This tactic is especially notable amid the coronavirus crisis, they said, as message recipients are more likely to be looking for reliable information from health organizations.
"Any time of email compromise is always going to be the number one threat vector," said Hatchett.
However, she said, it's also vital to be conscious of the ways a system is protecting connected medical devices, both for the sake of patients who rely on those devices and for the security of the system itself.
Hatchett and Witt also warned about employees' habits of posting too much information about their professional role on LinkedIn or other social networking sites, as it may make them a target for criminals.
This is especially true for those who hold more frequently attacked positions, such as nurses, pharmacists and researchers.
"Who doesn't want to brag about what they do on LinkedIn?" Hatchett said. "But there is some risk in doing that. … Put some thought into how much you're putting out there."
.jumbotron{ background-image: url("/sites/hitn/files/u2556/HIMSSDigitalJumbo.jpg"); background-size: cover; color: white; } .jumbotron h2{ color: white; }
HIMSS20 Digital
Experience the education, innovation and collaboration of the HIMSS Global Health Conference & Exhibition… virtually.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.
The legislation would forbid companies from using health information for "discriminatory, unrelated or intrusive purposes."
Also, commercial results of the national testing programme in this week's Healthcare IT News roundup.
The tools could help payers manage the demands of standards-based interoperability challenges, and also offer security, identity management and consent management.
Even as ONC and CMS push for wider patient data sharing, many healthcare consumers are hesitant. The American Medical Association has issued new privacy principles supporting the rights of individuals to control how their health information is used.
The technique, called federated learning, is designed to enable collaboration among far-flung research organizations on machine learning models, while still protecting patient privacy.
Phishing is still the number-one cause of breaches, according to the newly released BakerHostetler Data Security Incident Response Report, with ransomware on the rise.
HIMSS Director of Privacy and Security Lee Kim offers insights for health systems as they defend against both COVID-19 and the opportunistic cyberattacks that are using it as cover to sow chaos.
Persistent flaws in the ability to accurately ID and match patient records are hindering two must-haves on the road to reopening: contact tracing and, eventually, vaccine administration.
Privacy remains an important determinant of how technology is deployed, even during these times of COVID-19, argues HIMSS' chief clinical officer Dr. Charles Alessi.