Privacy & Security
Privacy & Security
Their automated identity proofing process helps providers to adhere to looming government-mandated EPCS verification standards, enabling them to approve or deny prescriptions remotely.
Privacy & Security
Criminals can use artificial intelligence to engineer automated phishing attacks with more convincing content and greater accuracy.
Interoperability
The concept is simpler than many realize, but the implementation can be complex and challenging. Health systems should think deliberately about new proofs-of-concept, but get on board soon.
Electronic Health Records
Data Warehousing
A billing vendor, AccuDoc Solutions, told the health system in October that a third-party had gained access to its data for about a week in September.
IT Infrastructure
New Zealand’s Northern Region simulated a major cyberattack on its health system, saying it is a case of “when, not if” an attack will eventually occur.
healthAlliance systems operations manager Simon Long presented at the HiNZ Conference 2018 in Wellington on 23 November on the mock incident, called ‘hot chilli’, which was run by the shared services agency. healthAlliance is one of the most significant shared services organisations for the health sector in New Zealand and jointly owned by the four Northern Region district health boards (DHBs) : Northland, Waitemata, Auckland and Counties Manukau Health.
Long said low-scale cyberattacks on the health system happen on a daily basis and the mock incident escalated the scenario into a major attack that affected a number of systems.
“The objective was to create, test and improve a regional view of business continuity and the recovery capability,” he told attendees.
The exercise involved the four northern DHBs – Waitemata, Auckland, Northland and Counties Manukau – and was designed to be as close to real life as possible, so staff were not forewarned. Around 27,000 people work across the DHBs and healthAlliance.
The mock attack involved the email systems being unavailable due to hacking, no wi-fi access on the sites and the data integrity of the clinical systems being untrustworthy, meaning National Health Index numbers were not validated.
Webinar: The Future of Medicine: Protecting Privacy Without Impacting Quality of Care
The simulation started at 9am and finished around 4pm followed by a debrief and “it was a really interesting day for everybody involved,” said Long.
Key learnings were that one can never over-communicate in a crisis situation and the huge value of practice to get better and become more efficient.
Long said other organisations had since asked healthAlliance for help in this area and the agency is happy to share its learnings.
Ministry of Health chief security adviser Nick Baty presented with Long on his involvement with ‘hot chilli’ and how the experience has fed into the development of a health sector cybersecurity event response plan.
In the article “Ethical hacking: What to look for in a pen tester”, author Jessica Davis notes that simulated attacks on a healthcare organisation can help infosec leaders assess their security posture, but not all pen testers are created equal and not every provider is ready to be tested.
Pen testing is the practice of simulated cyberattacks on an organisation’s network or a specific function, such as IoT devices or web apps. The goal is to identify any system flaws or weaknesses and just how likely it is that a hacker can exploit these vulnerabilities. Lee Kim, director of privacy and security for HIMSS North America, said that a pen tester should have “real world experience and experience in business environments like [healthcare].”
A version of this article first appeared on eHealthNews.nz.
Analytics
ClearData, IBM, PureStorage and others are positioning themselves for an emerging an environment where providers rely on a mix of public and private secure clouds for their data.
Interoperability
Cybersecurity is still the big one. But interoperability and telehealth are not far behind for leading organizations' technology goals.
Mobile Health IT
The device maker is betting the company's AI-powered security capabilities will help its enterprise customers, in healthcare and elseware, safeguard their connected devices.
Revenue Cycle
Advice for hospitals: Making inroads on blockchain now, with smaller projects that don't involve patient data, can help prepare them for larger opportunities ahead.