Blog: More Evidence Pointing to the Need for Strong Health Data Security

More than four in five U.S. physicians (83 percent) have experienced some form of a cybersecurity attack, according to recent research by Accenture and the American Medical Association. This study, which is based on the experiences of roughly 1,300 U.S. physicians highlights the clear need for strong health data security. Healthcare providers are a key target for data thieves. The best defense is to create a culture of knowledge around cybersecurity. This involves a holistic, managerial approach to the concepts of health informatics and big data. An important step towards achieving is by applying big data to solve potential data security problems. This involves addressing issues that are apparent in addition to focusing on areas that can be planned for and anticipated in the future.Robust organizational training is crucial for addressing cybersecurity issues. Clinicians as well as members of operational and administrative staff all need to be involved. Data backups can be a lifesaverThe ability to restore health care data from a very recent, timely backup can give health providers a leg up in the case of a cyberattack involving a ransom to return access to information. This is what happened to Medstar Health in March 2016. Unfortunately, although health care providers have spent billions on implementing technology such as electronic medical records and patient portals, less attention is often paid to the concept of security and privacy.Healthcare organizations also need to be thinking about business continuity planning and disaster recovery planning. This includes backing up data, knowing how to restore it, enabling remote backups, and having hot sites.All of the devices that are and can be part of the Internet of Medical Things (IoMT) need to be secured or protected to ensure that they cannot leak data or even patient health information to anyone who has the technological skill to be able to hack into the devices.Prevention efforts should also encompass patient training. Patients need to be educated about their rights and responsibilities in terms of how to best use and protect their own medical records.The best way to avoid the data breaches that seem endemic in health care right now is through a comprehensive approach involving all levels of an organization that establishes a culture based on privacy and security. The steps I suggested that the healthcare sector can take in an earlier blog include to:Develop and execute robust training programs to raise awareness of when data can be at risk and what can be done to protect itEducate the clinical, operation and administrative staff on new topics and strategies such as social engineering Improve Information Technology (IT) and security operations, perhaps by upgrading to IT and security systems that utilize newer technologyInvest in layers of security and continually test and practice a Disaster Recovery Plan (DRP) that includes robust backup and restore functions.Sam Hanna, MBA, CISA, CBCP, CRISC is the program director for the Masters of Science in Management of Health Informatics Analytics (HealthInformatics@GW) program at The George Washington University. Prior to this role, he held leadership positions at global professional services firms where he was responsible for creating and leading large multidisciplinary health industries practices, as well as an investment portfolio in new technologies, solutions and startups. He is a frequent speaker and writer on topics related to entrepreneurship and innovation, health IT, analytics, and the intersection of translational sciences and the business of health. He can be reached at [email protected]