Securing every endpoint where hospital staff access medical information remains one of the top priorities for every hospital IT department. Deploying software to assist in monitoring employees' devices has made this task more manageable.
But as more healthcare BYOD initiatives are introduced, IT needs to reassess its processes and procedures to ensure a high level of protection against data breaches. Most IT departments' existing processes to secure patient data are being threatened by the complex devices that are entering their hospital facilities.
Medical devices also vulnerable
Wireless insulin pumps, wireless vital monitoring devices, pacemakers and artificial pancreases are but a few of the devices that can pose a significant health risk if they are compromised. Data breaches take a back seat to security threats that affect the functionality of any of these medical devices. There are no common security tools that can be deployed to protect these new and complex products.
At Black Hat 2011, an insulin pump was compromised by a security expert. He was able to remotely control the medical device through a controlled hack. This type of attack can be a nightmare for hospitals, manufacturers and patients. Traditionally, IT can address vulnerabilities within devices by updating their firmware or by deploying antivirus or antimalware software to keep them from being infected. Unfortunately, IT is unlikely to do house calls to update an implantable medical device. This poses a serious challenge for hospitals. They will need to address the security risks of many of these devices before purchasing them.
Another area of concern for hospitals is how to secure data transmitted from medical devices. Some of these transmissions hold critical health information that could lead to serious consequences if intercepted and modified.
Not just a HIPAA concern
Some of these concerns go beyond HIPAA compliance. They are serious enough that providers, medical device manufacturers and IT security experts all need to address them. To calm their fears and educate their staff, providers must work with vendors to define all security best practices. Providers must also be aware of how all of their devices work to protect patient data during transfer and while at rest.
As hospitals become more dependent on medical devices and adopt healthcare BYOD policies to help remotely capture and transmit health data, increased risk will be the reality. In fact, it may end up being IT's biggest security challenge.
At Black Hat 2014, attendees learned how to combat all the latest security threats. While some may have taken it as an opportunity to learn new hacking tricks, healthcare cybersecurity experts hopefully learned a few lessons about how to better protect health information, regardless of where it is.
About the author:
Reda Chouffani is vice president of development at Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry.