Three-fourths of healthcare providers experienced a data breach in 2017, according to the HIMSS 2018 Cybersecurity Survey. Health data insecurity is the new normal.
A big piece of addressing the cybersecurity healthcare challenge is educating people who work in healthcare settings, and that has been under-funded. Only 41% of healthcare workers say they receive security training, a Forrester study learned in January 2018. Forrester also found that while healthcare organizations have experienced some of the most egregious cyberattacks, the industry allocates a smaller proportion of IT budgets to security compared with than other organizational types at a rate of 22% versus 28%.
I explain the current state of cybersecurity and health data insecurity in a new HIMSS blog linked here. You’ll see updates on the topic from Ponemon Institute, UPMC’s report on connected healthcare, and Merlin International, weaving the story of American health care’s cyber-deficits. Developing a culture of cyber- and health privacy-awareness must be a priority for health providers, who as they look to patients for greater health engagement, must bake their trust into health information systems. That requires ongoing training and culture-building that values patients’ health information as a core building block in the organization’s mission and business workflows.
Consider this a crucial node in patient and clinician experience. The Equifax breach and Facebook/Cambridge Analytica revelations have eroded consumers’ trust in digital data and social networks. The health industry, especially hospitals, enjoy a relatively high level of trust, I pointed out last week in my look into health-specific data generated in the 2018 Edelman Trust Barometer. For hospitals to maintain this high degree of goodwill, they must do better as savvy and switched-on health data stewards on behalf of their patients.
You can read the full HIMSS blog here.
Health Populi’s Hot Points: Concerns about cybersecurity in healthcare have reached the U.S. House of Representatives Committee on Energy and Commerce, which issued an Request for Information (RFI) to study the vulnerabilities and cyber-risks of legacy health technologies. “The challenges created by legacy technologies are, by definition, decades in the making. They implicate dozens of diverse stakeholders with different and at times competing equities, and they have no clear solutions,” the RFI states.
One of the tipping points called out in this document is the WannaCry ransomware outbreak from May 2017, which occurred due to one protocol embedded in “dozens of unique medical technologies,” the document describes.
The link will take you to the Request, and input will be accepted until 31 May 2018.