Cyber security threats to healthcare information

by Ancil Lea ([email protected]) 308 views 

Editor’s note: Ancil Lea has worked with more than 1,500 physicians, clinics, out-patient surgery centers, and hospitals to help with everything from medical software to healthcare marketing for nearly 30 years. He is the former coordinator for the Arkansas Office of Health Information Technology, and can be reached at [email protected]

Opinions, commentary and other essays posted in this space are wholly the view of the author(s). They may not represent the opinion of the owners of Talk Business & Politics.
–––––––––––––

There was a time your medical records might be exposed to a few hospital employees and the cleaning crew. Now, your records are connected to the Internet, exposed to the world if a hacker so chooses.

When I was the director of HITArkansas, the regional extension center for the state of Arkansas, I worked with more than a thousand providers, practices and hospitals all over the state and mid-south. As I worked with this program, there were a couple of strong concerns I saw while the whole industry was rushing to adopt electronic health records (EHR) and implement “Meaningful Use” in their practices.

One that I’ve addressed before – the sharing of unencrypted patient health data between providers and their staff through texting and messaging – makes your data vulnerable to being hacked, not to mention audits and fines by HIPAA.

The second, and probably more concerning than HIPAA, is the exposure of all this patient information, which is now connected and exposed to the web and the threats that exist with EHR and other systems. Before EHR, a paper chart was subject to employees and a few cleaning people reading these records, which was definitely a problem, but limited in the scope of potential liability. Now, every clinic and hospital has potentially exposed patient data to the world. Frightening.

Case in point, within the past week there was a high profile hospital in Los Angeles, California, where there was a breach allowing hackers to get in and ‘took over’ their systems, holding them and their patient records for ransom. Amazing, but not surprising. This should give us all pause in healthcare.

Over the past year, I’ve been working with Innovate Arkansas on some of the exciting things they are doing with the development of technology solutions. They recently introduced me to Neo, a participant in the ARK Challenge and now one of their solution companies. The guys at Neo who developed this cool technology were “white hat” hackers and saw the need for a device that detects potential cyber security breaches (bad guys) on your network and system. Their solution is more of a living-breathing organism that sits and monitors for hackers and potential breaches. I asked Justin Farmer, a principal with Neo, about cyber security regarding healthcare.

“Historically, medical facilities are behind the curve in defending the incredibly valuable data they store about their patients. Hackers know this, which makes a hospital or clinic an easy target to exploit. Medical records are ripe for the picking on the digital black-market since they hold everything a criminal needs to know about a person,” Farmer said.

Sobering.

The key here is to have a proactive approach to solving this vulnerability. You can’t sit back and think everything is fine and depend on your application software companies/vendor or even your IT partner to do this. Because, if there is a breach and you lose PHI- patient social security numbers, credit card numbers, cell numbers, etc. it won’t be just them that lose their job.

And, this does not just apply to healthcare.