Healthcare IT Risk | Advances
In the last few decades, increasing availability of technology in healthcare has lead to some amazing advances, both for physicians and patients.
Healthcare IT Risk | Advances
In the last few decades, increasing availability of technology in healthcare has lead to some amazing advances, both for physicians and patients. Documentation for physicians is well on its way to becoming more streamlined, thanks to the interconnectivity of electronic health records, and the potential for “One patient, one record” only becomes more of a reality with each new innovation. Patients who use computers, tablets or smartphones have more access to their health information than ever before, with many patient portals available through participating healthcare systems. With these advances, however, comes risk. Technology is heavily safeguarded, particularly in healthcare, but it’s imperfect. As technology advances, so do the hackers who attempt to find loopholes into healthcare systems. After all, in terms of identity theft, what holds more useful information than a medical record? Perhaps that’s why, in the last year, of all identity theft claims, 43% were medical related. So, when thieves are perusing vulnerable spots, almost half the time they’re looking to healthcare organizations, hospitals and these online portals. So, what are some of these vulnerabilities that you should be safeguarding against?
Healthcare IT Risk | Insecure Browsers
Just this last week, Microsoft warned consumers of a vulnerability in Internet Explorer that made users particularly vulnerable to hackers looking to insert malware into their computer systems. While the bug was patched relatively quickly, it was the first time that the United States government actually told users to cease using a browser. A bug that big could easily have made patient portals vulnerable to malware, as based upon consumer statistics, IE has more than 1 billion users; more than any other browser currently on the market.
Healthcare IT Risk |Unsupported Operating Systems
Microsoft has also recently announced they will no longer support older versions of their Windows operating system (OS). As they are progressing more toward the chic, Mac-like appearance and functionality, it didn’t come as much of a surprise that they are all but abandoning older OS’s. The problem is, smaller healthcare organizations, as well as patients and consumers, may take the “don’t fix it if it isn’t broken” mentality and continue to use an unsupported Windows OS to avoid the costly upgrade. This leaves them vulnerable to malware, loss of data, and many other inconveniences that could potentially cause enormous problems if they store or access personal data through their computers.
Healthcare IT Risk | Electronic Records
Even though most EMRs on the market claim that they are “bulletproof”, they are clearly not immune from serious threats of patient information seeking hackers. This risk intensifies when physicians and patients use third-party applications to access electronic records, or email, on iPhones and tablets. Handheld devices may not be under the same amount of scrutiny as hospital or office computers. Particularly in the case of “remote” work, there might be technological vulnerabilities that go virtually unrecognized until a threat is made.
Healthcare IT Risk | Inside Threats
Again, with EMRs, comes the potential for hacking — but from within an organization. Not that this is vastly different from the information that could be gleaned from a paper chart by a snoop, but with technology making it much easier to capture and send data, the breaches can now happen faster — and reach a greater distance. Where an “inside hack” of days past might have jotted down names, dates of birth, and social security numbers–not to mention billing and insurance information– from a few paper charts, now, someone who intended to breach an organization’s data could obtain hundreds of patient charts with much less effort. Audits at an organizational level need to be done routinely to safeguard against this, and users of the electronic records need to be made aware of access policies. Those policies may need to be revisited several times a year, and adjusted, to meet the demands of healthcare’s ongoing reliance on information technology.
Healthcare IT Risk | Lack of Upper Level Understanding
Healthcare leaders are overburdened as it is by the growing demands and changes necessitated by healthcare reform. IT security needs to be higher on their list of priorities, but it’s easy for it to fall through the cracks. CEOs of 2014 were not educated during a time in history when technology pervaded every element of one’s personal, professional and social life. Quite frankly, the general lack of understanding in upper level management stems both from disinterest and lack of exposure. While the education is there, technology is vast and can’t be grasped overnight, or through one seminar. To understand and to use efficiently the technological advances available to medicine are two completely different arenas, and many healthcare CEOs who are at the end of their tenure may not see the point. But the reality is, technology is quickly becoming the foundation for many industries, not just healthcare, and to continue to place it lower on one’s priority list is a grave mistake that will have financial ramifications.