Health Information Security in the Digital Age
In 2015 alone, data breaches in healthcare totaled over 112 million records in the U.S. As the health industry continues to embrace all the benefits of digital technologies, leaders need to ensure that their infrastructure is equipped to tackle new data challenges in a mobile, interdisciplinary delivery system. There are four main sources of cyber-security risk: vulnerabilities, human error, poor compliance, and criminal actions.
Mobile health is highly susceptible to risk because of design flaws in hardware, software, and connectivity. Mobile apps that come from unreliable or unsecured vendors can be a big threat. Some mobile health app developers fail to test or validate their apps and make false claims about their capabilities. Although the FDA is aware of the problem with unregulated apps in the marketplace, the rate of development is too fast for it to keep up. The work environment can also create unintentional vulnerability to data breaches. For example, if you’re an ICU nurse and one moment you’re quietly typing your notes, then all of a sudden your patient codes, are you going to say “Oh wait, let me log off the system first”? You might, but in most cases, probably not.
This refers to human factors outside the health organization that have an indirect negative effect on information security. Social issues like censorship, privacy, and free speech, intertwined with political concerns like Chinese cyber-espionage, exacerbate the already difficult job of preventing hackers from accessing health data. Systemic social, economic, organizational, and political components introduce a conflict between lightning-fast internet connections and the technological ability to overcome complex issues. It is a champion’s feat to implement better security while being maliciously attacked. Of course, just as there will always be hackers, there will always be those few employees who can’t resist looking at a high-profile medical record even though they had nothing to do with the patient’s care. It’s human nature to be tempted.
This source of risk is related to B2B integration for health data security. People sign in to a workstation and walk away without logging out, or people with improper credentials enter an area where secured health information is lying around. Some amoral people may even share images that have identifying information on them with others who have no privilege to see them. Compliance breaches result in heavy fines and sanctions for health organizations, because they violate privacy laws.
Data has a High Value on the Dark Web
Hundreds of thousands of people around the world have suffered from identity theft. That’s because personal identifying information is very valuable in unscrupulous markets. Hackers who break into health information systems and medical apps are typically going after your name, date of birth, social security number, and, if they’re lucky, your bank account or credit card information. Unfortunately, personal health information is often compromised in the process as well.
Opportunities for Improvement
At least for now, it seems the best defense in cyberspace is backup, encryption, anti-malware, and strong authentication. These are usually used in some combination to protect valuable health information from cyber-security attacks. Some large hospital systems use an RFID chip embedded in employee name badges. With a wave of the badge, a reader on the workstation gives the employee single sign-on access to the systems they need in their daily workflow.
Cybersecurity companies use various tactics to increase security robustness while decreasing system load, but at the end of the day, complex systems complicate the landscape even further. The constant race between encryption specialists and hackers is a risky game of cat and mouse. That being said, business opportunities in health information security are expected to remain in high demand for the foreseeable future. The sector is currently worth around $5 billion with projected growth to reach just under $10 million by 2020, at an annual growth rate of 15%.