It’s no secret that health care is one of the most vulnerable sectors when it comes to cyber crime. Medical records come with higher black market values than other information like credit card numbers. As a result, cyber criminals are laying siege to medical data.
This is a guest article written by Jori Hamilton. The author’s views are entirely her own and may not reflect the views of IT Governance USA.
With the cost of data breaches historically higher across health care companies, securing data storage processes is essential to combating mistrust of medical facilities and care providers. Attacks have also spiked during the COVID-19 pandemic, so patients need every bit of security they can get. Understanding where health care data gets stored and the strengths and weaknesses of these storage systems is key.
Where health care data gets stored
To understand how and where health care data is stored, it first helps to understand how it’s collected. Health care administrators increasingly use connected medical devices that store data in electronic databases.
Hospitals collect patient data using a host of devices. These include IoT (Internet of Things) sensors and monitors that report patient and hospital information in real time, allowing unprecedented levels of transparency and insight among staff. There are also the traditional inclusions of data from X-rays, CT scans, MRIs, and more.
These tools gather millions of gigabytes of information each year, and that data has to go somewhere. Most care facilities choose to host the information in-house, on private servers and networks. This makes it even more important for all medical staff to be well-versed in the status of the information systems they use, as changes in EMRs, administrative systems, patient portals, and data security features can put information at risk.
Other facilities use Cloud databases and decentralized storage systems. By outsourcing data storage to organizations with cybersecurity expertise and the means to back up and secure information, hospitals can mitigate some of the risks. However, these options come with their own set of drawbacks.
Regardless of the approach, care providers face widespread uncertainty when it comes to data protection. Can health care data storage ever really be secure?
Strengths and weaknesses
The health care industry does a bad job of managing data security. Only 25% of registered nurses expressed any recent changes in the way their employers protect patient data, and cyber attacks are skyrocketing. The COVID-19 pandemic only saw the situation get worse, and we face many cybersecurity problems in 2021 and beyond.
One of the most common attacks against health care information systems involves ransomware. Ransomware infiltrates systems and locks them down, making it impossible for users to access the information they need unless a ransom is paid. For example, in October 2020, six hospitals were hit by Ryuk ransomware in a 24-hour period.
Without measures in place to continuously improve employee awareness and the quality of cybersecurity protections, health care data cannot be secure. However, modern cybersecurity efforts have their strengths.
The health care industry is governed by several regulations and data management standards. Additionally, evolving technologies offer new and comprehensive ways to secure information. Here are some strengths:
- Data is protected under HIPAA (Health Insurance Portability and Accountability Act), meaning the federal government enforces cybersecurity best practices among health care information systems
- Cloud solutions offer cheaper and better security for care facilities, with the added benefit of reducing the risks of human error in a private network
- Advancements in blockchain – the technology that makes cryptocurrency possible – allow for digital, immutable storage of data in which each patient possesses their own authorization keys
Despite these efforts, care facilities still have to stave off a host of attacks every day. They also face internal threats, with 18% of health care employees admitting they would sell patient data for profit. Here are some other major weaknesses:
- Human error was a major contributor to 95% of all data breaches in 2020
- Telehealth and remote working present more access points for vulnerable information systems
- Care providers are already overwhelmed, leaving little room to focus on cybersecurity
No health care data storage system is truly safe. The risk of human error alone means virtually any system can suffer a breach. However, an informed approach and advancing tech can help secure the future of health care data.
The future of health care data security
Personal data is always at risk. For example, many corporations are introducing wellness programs that promote employee health and teach staff how to improve and maintain wellness. Don’t just educate your employees on their health, however. These programs collect and store a lot of personal data, so you should also teach staff how to protect their accounts. By educating employees and using the latest cybersecurity technology, health care information systems can add much-needed layers of safety.
Whether hospitals are storing information in-house or outsourcing to the Cloud, the strengths and weaknesses of data cybersecurity abound. Manage the risks by practicing great digital hygiene, and explore the potential of databases like blockchain for safer data storage.