Sergey Nivens - Fotolia

When it comes to healthcare big data the risk is worth it

CIO Joel Vengco discusses how healthcare big data can improve patient care and create more vulnerabilities. In the end, he thinks it's worth it.

Big data in healthcare will open up vast amounts of data to healthcare organizations and providers, allowing them to get a deeper look into the data, extract valuable insights and ultimately enable them to improve patient care. At the same time, opening up that data can possibly create more vulnerabilitiesthat hackers can take advantage of, said Joel Vengco, vice president and chief information officer at Baystate Health in Springfield, Mass. In this Q&A, Vengco discusses the potential security issues healthcare big data brings to the table, what can be done and whether it's all worth it.

What's the potential of IoT and healthcare big data? What are the concerns?

Joel Vengco: There's a lot of value to having that data exchanged more liberally but then it's a double-edged sword … A lot of things stem off of big data as we discussed -- privacy and particularly security -- and as we start to really go down this path of true big data and Internet of Things, security, particularly cybersecurity and information security, become cornerstones of any IT organization. And so in the past we've had security teams and we've had structures in place that we rely on to ensure that we're compliant with HITRUST [Alliance] standards or HIPAA standards, but now that we're really creating more gateways and more access to this data, I think we're going to find information security [and] cybersecurity to be really the focus of IT outside of the applications that we service on a day-to-day basis. And that's going to be a big challenge because as you know, healthcare data on the black market is worth much, much more now than even credit information. So that kind of accessibility of the data that we're providing today is really going to push more of us to focus on how to create strategies for information cybersecurity going forward.

So opening up the data is good for people within healthcare but it also means you're making yourself vulnerable to attackers?

I do think there's a lot of benefit there. It's still scary nonetheless.
Joel VengcoBaystate Health

Vengco: Exactly. Exactly right.

That's a tough place to be.

Vengco: It is a tough place to be … I certainly hate to say it as a CIO, but that's what keeps me up at night. And when you think about these big companies like Sony and Home Depot and Target and even large insurers who, let's just say, have bigger IT budgets and yet they can't seem to stop some of these attacks, it's pretty scary for a lot of health systems, you know?

What do you think healthcare organizations can do in order to better protect themselves? Is it about constant vigilance? Is it about developing better security tools?

Vengco: It's a little bit of a lot of those things. A lot of these infiltrations happen because your employees internally aren't being as careful as they should be and you're not training them well enough, perhaps. It's not necessarily just their fault. It's a team game, this is like a team effort. So you have to make sure that they're well trained but that they're also vigilant on their own. Because as soon as they put an app [out there] that has a gap in it or a hole in it, and that's what the bot was waiting for or that's what the hacker was waiting for, now they're in with one user and they can sort of crawl through everything else. That's what happened at Sony, really. They actually accessed one user or a couple users and it proceeded from there. That's really the Trojan horse issue. How do you stop someone from coming in through another gateway even if it's not a front end? Maybe somebody clicked on a link through an email that they thought came through an internal division and all of sudden folks are in. So that's a part of it. And, of course, security tools are huge too. The maturity of those is continuing to evolve, and healthcare is certainly behind in terms of those tools that they've either purchased or implemented … We need to continue to strengthen our security posture. So policy, technology and the people are really important in fighting against that kind of cybersecurity issue.

Do you think the benefits of healthcare big data outweigh the privacy and security concerns and risks?

Vengco: I think they do … When we think about the different things we can discover with the availability of big data, it's limitless. I think healthcare struggles still today with having access to that kind of data and it struggles with true discovery of perhaps new ways to treat patients, of new processes or methods to keep patients well because we don't have all of that empirical data in a single place. We've got pockets of it and we've got sample data, and that's good, but I think when you have petabytes and petabytes of data, that really significantly changes the game of medicine and the way we care for people. So I do think there's a lot of benefit there. It's still scary nonetheless.

Let us know what you think about the story and the effect of big data in healthcare organizations; email Kristen Lee, news writer, or find her on Twitter @Kristen_Lee_34.

Next Steps

Learn more about healthcare big data:

Telemedicine, remote patient monitoring fueled by big data

Population-scale genomics not restricted by vast data

The potential of data analytics and IoT in healthcare

Dig Deeper on Health care business intelligence systems