By: Thomas Smolinsky of Navinet
The healthcare industry has certainly become a desirable target among the advanced hacker population. I’m not the only one who recognizes this. At HIMSS15 this year in Chicago, healthcare IT professionals gathered to discuss the hottest topics impacting health IT. This year, patient privacy and data security made the top of the list. This was evident with the event’s new Cybersecurity Command Center that featured breakout sessions, demos, and talks focused on how to improve cybersecurity in healthcare. CIOs and technology professionals alike have banded together since the conference to discuss new, innovative ways to tackle these new cybersecurity threats.
Nonetheless, in many of the recent health data breaches, two main contributing factors were evident that need to be addressed:
- Unauthorized access was obtained through our broadest and most variable vector — users of our systems.
- Unauthorized access went undetected for an extended period of time.
At this point, we must assume that we are each a potential target for cyber hackers and shift our thinking from perimeter protection solutions toward anomaly detection, education and aggressive process improvement. The goal must be to change the general behavior and practices of our most vulnerable layer; the people that use our systems every day and couple with a focus on rapid detection systems and response protocols that will assist us in quickly identifying abnormal and potentially dangerous activity.
Here’s how:
Recent advances in health IT are moving at the speed of light, but it’s up to us and other healthcare professionals to ultimately be arbiters of the data we supply, transmit, protect and exchange. At NaviNet, we have an entire team occupying an entire floor known as the NaviNet Operations Center in our Boston office dedicated to protecting our network that traffics data between 600,000 providers throughout the U.S and over 30 health plans. We couldn’t be America’s largest healthcare collaboration network if it wasn’t for our dedicated team. We as healthcare professionals must each take it upon ourselves to improve our understanding of the risks that we present and seek out resources to educate ourselves on safe computing best practices while delivering best-in-class business critical applications. So, how does your organization battle cybersecurity and balance your healthcare business initiatives at the same time?