Health Care Companies Fail To Recognize Risk Of Cyberattacks

Laptop & StethoscopeRegardless of the sector in which chief information officers find themselves working, there is bound to be a unique set of obstacles that these professionals face. While tech executives may be plagued with concerns about implementing the best solutions to help their financial firms keep track of their assets, CIOs within the health care field could have even more significant problems on their plate. A rising number of organizations within the medical industry have been adopting IT solutions to carry out all kinds of functions. With this growing trend, representatives leading these initiatives need to mitigate issues in terms of securing their solutions, guarantee confidentiality and ensure their organizations are compliant with regulations – actions that have yet to be taken by many health care companies.

Health care does not recognize the need for security
Although HIPAA is hardly new, a number of medical institutions may be struggling to adhere to these codes as they continue to adopt new innovations. According to InformationWeek, over the years, a large portion of the health care community seems to have had a persistent aversion to IT security. In some cases, individuals working in this field have maintained that implementing the proper protective protocol, which would guarantee that confidential information does not make its way into the hands of unauthorized personnel, could compromise patient care. For example, the source cited that people maintain that in the event of an emergency, physicians may completely blank on passwords or could be thrown off by certain security measures in place. This would prevent them from accessing patient records in a timely manner and put the lives of those in critical condition at risk.

At the same time, there are some health care professionals who simply do not see the need for taking the measures to secure patient data and organizations’ information because the threat is too small. Installing the right safeguards to protect IT requires various investments, such as money to purchase the necessary tools and keep a staff of qualified tech professionals capable of managing these solutions. With some organizations strapped for funding, using valuable finances for these purposes may not be a priority. This mentality is further upheld by the belief that health care companies’ data is not that much of a target. A popular misconception is that hackers are not likely to go after this kind of information because it is boring and does not offer much opportunity to make a profit. When compared to data belonging to companies handling large sums of money, medical records do not seem like enticing options for cyberthieves.

Medical sector is still a target
This assumption does not ring true, though, and health care organizations are susceptible to cyberattacks. SecurityInfoWatch stated that according to the SANS-Norse Healthcare Cyberthreat Report, almost 50,000 instances of hacking occurred within the medical field between September 2012 and October 2013. In addition to these findings, research revealed that 375 devices and networks associated with health care organizations were compromised. Among the types of solutions accessed were email servers, webcams and even radiology imaging programs.

CIOs should bear in mind that not all kinds of health care organizations are equally susceptible to cyberattacks. According to SecurityInfoWatch, the report said that 72 percent of these cases happened to health care providers, while the second largest victim was health care business associates at 9.9 percent. Despite any discrepancies between certain types of health care companies’ susceptibility to security breaches, CIOs should not forgo adopting the appropriate protective IT tools because they feel like their organizations are less at risks than others.

Address mobile protection first
In light of this report, IT executives responsible for managing technology at health care organizations should take the time to protect their data and associated solutions to be certain confidential information is accessed by only those permitted. If these professionals do not know where to start, perhaps their best course of action is to address mobile technologies first.

Brian Eastwood with CIO Magazine explained that one of the most serious issues affecting the security of mobile solutions used throughout the health care sector is that medical professionals have been passing up protecting patient privacy in the name of quick and easy functionality. For example, physicians are now employing mobile applications that allow professionals working in numerous hospitals to tap into a patient’s file. This tool enables different doctors to read his or her medical information, determine the proper treatment and make real-time updates to these documents for other health care providers to see instantly.

While it may be tempting to make these solutions as easy for users as possible, leaving them unprotected may permit just about anyone to acquire electronic protected health information. For this reason, CIOs should be sure to encrypt files being sent through mobile applications, in addition to sending them via HTTPS so that they will not be intercepted by hackers.

CIOs.com
CIOs.com is your place on the web for intelligent, issue driven content that helps you develop practical IT solutions and strategy.