Security Technology Executive

FEB-MAR 2017

Issue link:

Contents of this Issue


Page 22 of 61

www. • Februar y/March 2017 • SECURIT Y TECHNOLOGY E XECUTIVE 21 every week according to the Health and Human Ser- vices Office of Civil Rights, as required under section 13402(e)(4) of the HITECH Act. Although over $19 million in penalties have been levied for just the top six incidents alone, security does not even register as one of the top concerns of healthcare CEO and CFOs alike. What's Keeping Information Security from Being a Top Concern? The year 2017 is going to bring with it great uncer- tainty to the healthcare industry—but for CEOs and CFOs, the issues caused by information security are a molehill compared to the upcoming regulatory envi- ronment. According to Becker's Annual CEO+CFO Roundtable, top decision makers include volume leakage and smart expansion as their two primary concerns. From a recent survey by the American Col- lege of Healthcare Executives, financial challenges and healthcare reform are viewed as critical issues. Security is nowhere to be found. Patient data security is often relegated to the IT department, but it's a problem that should be top- of-mind for every leader in the industry. In light of this, what's keeping information security on the back burner? Three problems complicate the healthcare industries approach to security: • The decision to aggregate all healthcare data between providers adds weak links to the chain. A healthcare system is only as strong as the security of the weakest partner attached to its network. Anyone who followed the Tar- get breach, where the retail giant was hacked through an associated HVAC repair company, understands why this is problematic. • Healthcare has historically lagged in IT security investment. Although these investments began to increase in 2016, the extra funds were mod- est, unevenly applied, and clearly failed to stem the tide of high-profile ransomware attacks. The problem when it comes to patient healthcare data security is that no one dies when their personal information gets stolen. Image Courtesy of » For healthcare organizations, it is imperative that investments into information security match investments into other digital tools. « If identity theft was tantamount to death or serious illness, healthcare organizations would put greater focus on the issue. Nurses and physicians would be trained on patient security at every level on the way up and get continuing education credit throughout their professional careers. There would be checks and double-checks on every "door " patient data could leak. From back office employee, outside vendor, to clinician, orientation would include security. Even with increasing awareness of data security, however, healthcare organizations are slow to stem the tide. On average, six healthcare data breaches impacting 500 or more individuals are reported

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - FEB-MAR 2017