Connected care, by definition, requires the ability of disparate EHRs and digital devices to collect and share patient data. But interoperability comes with risks because connection points are inherently vulnerable to exploitation by hackers seeking to sell stolen patient personal data or lock down a provider’s data and then demand a ransom.
That’s a real security problem facing hospitals and health systems as they integrate new technologies with legacy systems, join health information exchanges (HIEs), struggle to meet quality reporting mandates, and increasingly rely on cloud deployments.
Over at Healthcare IT News, Managing Editor Bill Siwicki talks with two healthcare security professionals about what hospitals, healthcare networks, and private practices can do to mitigate cybersecurity weak points.
In addition to basic internal cybersecurity best practices, it is important that providers rigorously assess the security posture and track record of technology vendors whose products or services are being considered.
“Anytime a hospital is looking to add a new vendor, in fact, regardless of whether they sell heating units or health apps, it’s important to consider all aspects of the administrative, technical and physical security considerations,” Siwicki writes. Glenn Stover, IT security manager at Delaware health system Beebe Healthcare, said these considerations include the vendor’s levels of compliance, product support, and potential financial and risk impact.
“Blank stares or lack of positive response to any one of those questions is a significant weak point that can affect not only their capabilities as a vendor but ultimately may impact the hiring healthcare organization’s patient data and business resiliency,” Stover tells Siwicki.
FairWarning CEO Kurt Long says while both providers and vendors are part of the problem, they also can be part of the solution.
“Generally, healthcare providers tend to under-prioritize security and privacy,” Long says. “However, healthcare software vendors are making life pretty difficult on their customers in this area.”
For example, he says, while “security vulnerabilities and HIPAA compliance responsibilities are to secure all systems that access PHI, EHR vendors may bundle information security solutions for things like privacy monitoring of audit logs, which are compatible with their software.”