What are the biggest cybersecurity challenges in healthcare?

Whether going in for a routine office visit or seeking treatment for an acute need, healthcare data contains some of our most personal details. The last thing anyone wants to worry about is that information being compromised.

Healthcare IT News issued a special report in July on the challenges facing healthcare cybersecurity and the best practices for overcoming those challenges.

Challenge #1: Ensuring Systems are Optimized

Healthcare providers use an endless number of pieces of technology, from front desk computers to hand-held tablets containing electronic medical record (EMR) systems, to apps on cell phones used by physicians. This is why it’s important that healthcare organizations are consistently assessing their technology.

Sean Atkinson, chief information security officer at the Center for Internet Security, shared that having a solid baseline of these devices and applications can help ensure updates and patches are applied appropriately, thus reducing the risk of security breaches.

“[Baselining] helps to mitigate inadvertent and unauthorized access and usage of systems and data on the network – bringing us to the next best practice of analytics,” says Atkinson.

Atkinson believes that optimizing analytics goes hand-in-hand with baselining. Knowing what data is expected to go in and out of a system at any given time helps with identifying when a rogue agent has entered the system.

Challenge #2: Understanding Risk

If healthcare cybersecurity experts aren’t aware of the risks facing their organization, they cannot plan for potential security situations. Robust risk assessments and security report cards can help ensure an organization is functioning at a high level of preparedness.

Gerry Blass, president and CEO of ComplyAssistant, recommends that a security report card should address the top five high-risk gaps, results of vulnerability assessments, status of medical device security, workforce phishing test results, information on industry breaches, and more.

“The objectives of the report card are to create a culture of awareness, transparency, accountability and trending that can be easily understood by leadership, and to make the organization more functional in regard to information security risk management and compliance,” says Blass.

Challenge #3: Adapting to Changing Technology and Changing Times

Telehealth has seen burgeoning use as COVID-19 has kept both patients and physicians at home. Cybersecurity experts need to ensure that patient data remains protected regardless of where the healthcare provider or patient are located.

On top of that, vendors, such as EMRs, and other connected medical devices may have their own built-in security and often utilize cloud-based storage. The levels of potential security failure mean that cybersecurity experts need to ensure their strategies can be adapted for use at each step of data transmission.

“Best practice here incorporates usage of core technologies to enable remote capabilities augmented by digital identity platforms and tools while integrating accepted policies and procedures that enforce security protocols,” says Neelkamal Agarwal, managing director, health and public sector cybersecurity lead, at Accenture.

Want to learn about cybersecurity? Capitol Tech offers bachelor's, master's and doctorate degrees in cyber and information security. Many courses are available both on campus and online. To learn more about Capitol Tech’s degree programs, contact admissions@captechu.edu.