Fair Warning: How to Prepare for Cyber Adversaries


Health care data security iconMore than half the hospital executive respondents to a recent Healthcare IT News survey indicated they were planning security upgrades to IT infrastructure in 2017. It’s not surprising that increasing security would be a top priority for healthcare providers, outpacing such choices as analytics, patient engagement, population health or EHRs.

In terms of sheer number of patient and medical records compromised, 2016 was a relatively quiet year when compared with the huge healthcare data security breaches of 2015, when more than 113 million records were breached, according to the Breach Barometer Report. Reported breaches in 2016 were slightly over 27 million.

But before you breathe a huge sigh of relief, you should recall that several large health plans were hit by breaches in 2015, which skewed the numbers. If you just look at the number of data breaches—regardless of number of records compromised—incidents increased nearly 80%, from 253 to 450 in 2016. That’s more than one breach per day, a quite sobering statistic.

Other statistics from the breach report show that more than four in five breaches were reported by healthcare providers, as opposed to health plans or business associates. Employees were responsible for 43% of breaches, whether by intentional snooping or theft or by error, such as unknowingly clicking on malware. But more than one-quarter of all incidents were caused by hacking or ransomware, which rightfully concerns healthcare executives.

Attacks becoming more targeted

When you think of a data attack, you probably imagine hackers trying to gain access to the widest number of records possible. And you may be right. However, smaller practices and providers—as well as individual departments within health systems—could be more vulnerable because security may not be a prime driver among both technical and non-technical staff.

The push towards interoperable healthcare IT systems also can be a challenge to providers of all sizes. The links among systems can be weak spots in a provider’s security plan, and older technology may not have the same level of security as newer systems do.

“More and more, healthcare systems are becoming the target of cybersecurity attacks,” said Evgueni Loukipoudis, CTO and CIO at Change Healthcare Imaging and Workflow Solutions.

But security should work in conjunction with provider needs to tend to patients immediately. You know how hard it is to recall the password for that system you use only occasionally. Add the pressure of a patient’s vital signs crashing in front of you while you try to call up a medication history, and you begin to understand the need to think of security and access at the same time.

Close technical coordination can hamper criminals while also promoting data access

Change Healthcare has been working toward bridging gaps in its products, making them interoperable from a technology standpoint not only within the Change Healthcare product family but with competing, yet complementary products upstream and downstream.

“Change Healthcare is committed to interoperability and to the success of our customers,” said Tomer Levy, general manager, Workflow and Infrastructure. “One way we demonstrate our commitment is that we strive to make our solutions and products are interoperable by design. That means, operationally, they are not tied to just Change Healthcare systems—they are designed to interact with other systems as well.”

Tighter product coordination won’t eliminate all security risks, but it will leave fewer weaknesses in an overall system. And that can play a part in an overall security plan that gives health system executives peace of mind that they are doing everything within reason to safeguard patient records and other protected information.

To learn more about how we can help you address your security workflow and interoperability needs, book a demo or meeting in advance or visit Change Healthcare booth 3479 at the upcoming HIMSS ’17 in Orlando, Florida this month.

Leave a Reply