Healthcare CIOs and hospital IT departments setting goals for next year are staring down a familiar task: maintaining healthcare data security on limited budget resources.
A group of CIOs representing eight healthcare organizations met at the Scottsdale Institute 2014 Fall CIO Summit to discuss how providers can stay competitive in today’s healthcare market. Participants noted a breach perpetrated by a hacker group from China that exposed the data of 4.5 million Community Health Systems, Inc. patients in April and June of this year. The healthcare CIOs at the summit agreed data security is one of their primary concerns. They also concurred that regardless of the preventive measures taken, their organization remains likely to endure a data breach at some point.
Providers’ worst data breach fears are confirmed when they learn of incidents such as one that put the information of patients at Boston-based Brigham and Women’s Hospital (BWH) at risk. An armed robbery of a BWH physician resulted in the theft of their laptop and cellphone and the forced disclosure of the passcodes to those devices, which could be used to access the information of neurology and neurosurgery patients treated between October 2011 and September 2014.
Cybersecurity checked in at ninth in the ECRI Institute’s 2015 Top 10 Health Technology Hazards list. The list coincidentally is headed by alarm fatigue for the fourth consecutive year. Robotic surgery complications and inadequate reprocessing of medical equipment after use are two other concerns included as concerns to monitor next year.
The ECRI Institute’s downloadable report goes into greater detail about the various security weaknesses of which providers should be aware. Protecting electronic and medical devices used in their facilities requires keeping those technologies updated with the latest security patches, something that’s not always possible. Providers sometimes skip security updates out of fear that it could interfere with the device’s performance. Some legacy devices are simply no longer supported by the manufacturer, and their continued use is fraught with data security risks.