Security Issues Continue To Plague Healthcare

For an industry that has no other choice but to be sensitive in how it uses information, health care still faces challenges when it comes to securing it.

And while many industries are dealing with the threat of external cyberattacks that could expose sensitive patient data, healthcare organizations – especially medical practices – are facing a challenge in locking down that data internally.

Protenus, a data security and privacy vendor for the healthcare industry, said there were 57 breaches of health information in November that were either reported to the federal government or disclosed through the media. That was the highest monthly total over the first 11 months of 2016. Information was available for 49 of those incidents, in which more than 450,000 records were breached. (The highest monthly data breach total was 11.1 million in June; the lowest, nearly 127,000, in July, according to Baltimore-based Protenus.)

As an industry, healthcare has been weathering a constant state of change wrought by the advancement of information technology over the last two decades. Accompanying that has been two key pieces of federal legislation impacting information practices in the industry: the Health Insurance Portability and Accountability Act of 1996 – more widely known as HIPAA – and the Health Information Technology for Economic and Clinical Health Act – or HITECH Act - of 2009. The HITECH Act outlines how healthcare organizations should adopt electronic health records (EHR).

While EHR adoption may be easier for larger, better heeled organizations, it can be a challenge for smaller, independent medical practices that are not affiliated with the larger providers. And they can be "extremely" vulnerable to security breaches, according to Bob Deuby, president of Medical Solutions Group, a solution provider based in Traverse City, Mich., that he founded this year in part to work with small medical practices.

"You've got vulnerability [with personal health information, or PHI] in the hallways and the lobbies," Deuby told ITBestOfBreed. "It's scary."

Cyber security is projected to be one of the top five IT investment areas for the healthcare industry throughout much of 2017, according to a global survey of nearly 200 healthcare companies by IT recruiting firm Harvey Nash and KPMG. More than half of respondents – 52 percent – expect their IT budgets to increase in 2017, while only 13 percent expect budgets to drop, the survey revealed. Nearly half – 47 percent – cited cyber security as a key business issue that leadership wants IT to address.

Here are five recent perspectives from around the channel on security in the healthcare industry:

SHI INTERNATIONAL: Is your organization prepared for a cyber attack?

SCALAR: Healthcare IT security remains worrisome

LOGICALIS: What can you do when a cybercriminal is eyeing your healthcare data?

AVANADE: 3 critical steps to improve cybersecurity

CSC: What you need to know about IoT hacking and medical devices