When talking about the state of information security in the healthcare world, it’s all too easy to come up with witty titles along the lines of “Is IT Security in Need of a Check-Up?” or “<Insert Software Name Here> Is Just What the Doctor Ordered For Securing Your Data!” However, indulge me here: in the healthcare sphere in general, it’s not far-fetched to say that information security is a patient in need of critical care. As a quick example, recent data collected by the HHS Office for Civil Rights projected that health information breaches affected over 113 million individuals in 2015. What can be done in the face of such odds?

I was fortunate enough to participate in a recent panel discussion with a diverse group of experts who are dedicating much of their time and energy to addressing these issues. Specifically, The Health Technology Forum is a not-for-profit group of individuals who meet regularly to discuss the interface of healthcare and technology and the challenges facing the intersection of these two areas. Due to the explosive growth of health technology, this forum has generated a huge amount of interest and recently welcomed its 15th chapter.

Our panel was dedicated to discussing emerging approaches to protecting health data, the challenges faced while adopting these new approaches, and the commonalities and differences in cyber security for healthcare compared to other domains. Panelists included speakers with backgrounds in data visualization, healthcare, information security and regulatory compliance, and the audience was a well-distributed mix of software developers, information security professionals, healthcare providers and auditors.

One of the most salient points to come out of the panel discussion was the need for security to be “baked in” to software and hardware. That is, it’s much better to build a seaworthy boat in the first place than to try to patch up a bunch of holes when you’re out in the open ocean. When applied to the “Internet of Things,” this becomes even more critical due to the sensitivity of the data that could be exposed via improperly secured patient monitoring systems, wearable health-tracking devices (FitBit and the like) and implantable/portable medical devices. Since so many of these devices are designed to be remotely configured and updated, user data is placed at tremendous risk when the proper security controls are not built into the devices themselves.

Luckily for us as healthcare consumers, the industry is aware of the risks and repercussions of missing or insufficient security controls. However, regulatory standards, such as HIPAA and HITECH, are still a long way from addressing the reality of a dynamically changing healthcare landscape. The ability to operationalize security architectures into both professional and consumer products will be perhaps the single most important factor in working towards a more secure future, and promisingly, companies such as Tripwire are at the forefront of this charge.