News | Cybersecurity | February 10, 2017

Logicalis Healthcare Solutions Focuses on Top Five Cybersecurity Issues for CIOs at HIMSS17

Solution provider examines cybersecurity for patient information

Logicalis Healthcare Solutions lists the top cybersecurity issues for CIOs at HIMSS17.

February 10, 2017 — With the Healthcare Information and Management Systems Society’s annual meeting (HIMSS17) scheduled for Feb. 19-23 in Orlando, Fla., Logicalis Healthcare Solutions outlined five of the top cybersecurity issues currently faced by healthcare chief information officers (CIOs).  

Cybersecurity has become an area of great interest in the health sector and a top priority for healthcare CIOs, according to Logicalis. With over 100 data breaches among healthcare organizations in the past year alone, industry experts estimate the cost for lost records in 2016 was nearly $3 billion.1 While all breaches are not directly related to the electronic health record (EHR) or billing systems, the company said that is where cybercriminals tend to go first to acquire valuable patient data.  As such, there are key aspects of securing patient information within the EHR and across the healthcare network that must be addressed holistically.

“We need to balance ease-of-use and ease-of-access to patient data with the ability to secure this information not just within the health entity itself, but across all member health organizations that support it. Understanding data flow and system connectivity is key,” said Ed Simcox, healthcare practice leader, Logicalis Healthcare Solutions. “As a result, healthcare CIOs must take a holistic, collaborative and consultative approach to security – examining the systems and human interaction of patient information throughout its entire lifecycle.”

“You have to take an architectural approach to healthcare security looking at the whole organization and all data interaction points, not just the sum of its parts,” said Ron Temske, vice president, security solutions, Logicalis US.  “Don’t fall prey to buying disparate best-of-breed solutions which are often deployed in isolation. Without proper integration and sharing of actionable threat intelligence, you won’t have an effective holistic view of your security.”

The five top security issues for healthcare CIOs, according to Logicalis, are:

1. Securing EHR Environments: Today’s top EHR providers – companies like Epic, Meditech and Cerner – offer very clear guidance to hospitals regarding the architecture of their computing environments. These prescriptive guidelines, while created to ensure the functionality of the EHR solution, can also constrain the healthcare CIO from enhancing security to protect the patient information contained within the EHR system. The burning question on many healthcare IT pros’ minds, according to Logicalis, is how to secure an EHR application and its associated data without interfering with or degrading the application itself. To build an effective data perimeter that works in cooperation with these top vendors’ EHR applications, healthcare CIOs may need an experienced solution provider’s help.

2. User Authentication: Think of the sheer number of users that legitimately log on to a hospital’s wireless network daily – patients, family members, visitors, physicians, subcontractors (i.e., visiting surgeons, for example) – extremely high volumes of network traffic to monitor. Which is better – knowing that “Guest 321” has just entered a secure area or that “John Smith” has entered it? Taking the issue of authentication a step further, since hospitals often have computing terminals in every patient room, if a doctor logs into the EHR system to upload patient notes, but forgets to log out, protected health information becomes easily penetrable by cyber adversaries as well as well-meaning patients, their family and guests.  Single-sign-on solutions with scheduled timeouts is an example of an effective tactic to help resolve these concerns.

3. Preservation of Identity: While authentication is critical, so too is the preservation of user identities. With the virtual desktop infrastructure (VDI) hospitals typically use in their EHR environments, user identity can be difficult to capture and audit. Solutions exist, but if the IT professional delivering the EHR implementation is not familiar with possible security protocols that can preserve the identity of users throughout the system, these safeguards will not be enacted.

4. Proliferation of End Points: In a hospital setting, there are a myriad of computing devices in play – desktop and mobile computers, tablets, smartphones – any of which can be used to deliver malware or even ransomware into the host network. The key is to gate access and deploy tighter controls on what users can see, how they are authenticated and what policies are deployed if a device is lost or stolen.

5. Internet of Things: One of the newest challenges for healthcare CIOs is the vulnerability inherent in connecting to Internet of Things (IoT) devices; any piece of medical equipment with a built-in operating system – even if it does not have patient data stored on it – can become a “zombie” used for nefarious purposes by a would-be attacker. This challenge is similar to the EHR security issue in that IoT devices are often too small for a security software agent to be loaded onto the device requiring the healthcare CIO to consider a protective data barrier around the organization’s IoT infrastructure.

Logicalis suggests healthcare CIOs open an internal dialogue, explore questions with colleagues and engage an experienced solution provider who understands the complexities of security and healthcare information technology (IT). Taking a proactive approach to complex issues will ensure healthcare IT leaders ask the right questions and implement effective strategies to avoid costly breaches before they occur, the company said.

For more information: www.us.logicalis.com/healthcareit

1. Modern Healthcare, Jan. 20, 2017; “Vital Signs: How America’s Youth is Key to Fixing the Sad State of Cybersecurity.”

 

Related Healthcare Cybersecurity Content:

Raising the Bar for Medical Device Cyber Security

FDA Seeks Management of Cybersecurity in Medical Devices

Healthcare Industry Lacking in Basic Cybersecurity Awareness Among Staff

Market Report Calls Into Question St. Jude Medical EP Device Safety, Cybersecurity

FDA Harshly Criticizes Abbott, St. Jude For Failure to Address EP Device Safety

Healthcare 2015 Data Breaches - Why the Cloud Is Not Responsible

HIMSS: Two-Thirds of Healthcare Organizations Experienced a Recent, Significant Security Incident

How You Should – and Should Not – Be Sharing Medical Information With Patients

How Can Doctors Practice Better Security?

U.S. Department of Health and Human Services, Office for Civil Rights, Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information

Related Content

AMA survey finds economic, patient-care impact of Change Healthcare cyber-attack ongoing
News | Cybersecurity
Life After Change Cyber-attack: Without Payment for Claims, Physicians Struggle to Keep Practices Afloat

April 10, 2024 — The American Medical Association (AMA) released informal survey findings (PDF) showing the ongoing ...

Home April 10, 2024
Home
In a new letter sent to federal officials on March 12, the American Medical Association (AMA) has presented six relief proposals to support physicians impacted by Change Healthcare hack, and praised the creation of the Change Healthcare/Optum Payment Disruption (CHOPD) Accelerated Payments.
News | Cybersecurity
AMA Presents Relief Proposals to Federal Officials to Support Physicians Impacted by Change Healthcare Hack

March 14, 2024 — The American Medical Association (AMA) has issued a new letter to federal officials in which it praised ...

Home March 14, 2024
Home
An AMA letter sent to Secretary Bacerra outlines ongoing concerns of physicians amidst the cybersecurity incident that has impacted Change Healthcare
News | Cybersecurity
As Cyberattack Jeopardizes Physician Practices, AMA Demands Action

March 6, 2024 — As the cyber-takedown of Change Healthcare has forced medical practices to go without revenue for a ...

Home March 06, 2024
Home
Videos | Cybersecurity
VIDEO: A Look at Cybersecurity and How Healthcare is at Risk

This year at HIMSS, the theme is Health That Connects + Tech That Cares, and cybersecurity is indeed a part of this ...

Home April 21, 2023
Home
The survey reflects the opinions of healthcare cybersecurity professionals that are responsible for either day-to-day operations or oversight of healthcare cybersecurity programs
News | Cybersecurity | By Melinda Taschetta-Millane
2022 HIMSS Healthcare Cybersecurity Survey Report Results Published

April 10, 2023 — The 2022 HIMSS Healthcare Cybersecurity Survey results were recently published. The survey reflects the ...

Home April 10, 2023
Home
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices
News | Cybersecurity
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices

August 29, 2019 — Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion ...

Home August 29, 2019
Home
New Report Examines Hospital Cybersecurity Challenges in Georgia
News | Cybersecurity
New Report Examines Hospital Cybersecurity Challenges in Georgia

August 20, 2019 — Healthcare data breaches are currently being reported at a rate of more than one a day, according to a ...

Home August 20, 2019
Home
According to the National Association of County and City Health Officials, only 33 percent of the organizations plan against cybersecurity threats and initiate patient identity protection protocols.
Feature | Cybersecurity | Maxim Chernyak
How to Protect Health Data With Security Testing Automation

As the National Association of County and City Health Officials state, healthcare breaches remained to be costly and ...

Home May 06, 2019
Home
Videos | Cybersecurity
VIDEO: Preventing Medical Imaging Cyberattacks

Anton S. Becker, M.D., radiology resident at the University Hospital of Zurich, Switzerland, discusses the long-term ...

Home December 12, 2018
Home
FDA and DHS Expand Partnership on Medical Device Cybersecurity
News | Cybersecurity
FDA and DHS Expand Partnership on Medical Device Cybersecurity

October 30. 2018 — The U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) will ...

Home October 30, 2018
Home
© Copyright Wainscot Media. All Rights Reserved.
Subscribe Now