Most people consider hospitals and healthcare facilities to be places of healing, yet increasingly they are targets for large-scale attacks.
According to data protection group The Ponemon Institute, criminal cyber-attacks are now more likely to occur in the healthcare industry than in any other economic sector. Big Data security breaches at hospitals and other care providers are up 125 percent since 2010. The largest data breach on record took place in in 2015 at Anthem, Inc. (parent company of Anthem Blue Cross, Anthem Blue Shield and other brands), which disclosed that hackers had stolen more than 78.8 million records containing personally identifiable information. Anthem’s shares dropped following the security breach, while tech stocks — tellingly — soared.
These and other nightmare scenarios have transformed many healthcare CXOs’ perspectives on Big Data analytics and data security from the cost-dependent “someday maybe” category to the “must have now at any cost” category. A case could be made, after all, that healthcare data is heavily attacked precisely because security has been so severely underfunded. Firewalls are now becoming as important to hospital operations (and hospital budgets) as new imaging technologies.
But even within the healthcare industry, data projects aren’t solely about mitigating threats to patient privacy. More and more, business leaders are turning to data analytics as a way to increase revenue, growth and advancement. Ensuring that their company’s data remains secure isn’t just good for peace of mind. It’s good for the bottom line. Big Data affords CXOs an opportunity to potentially leverage year-over-year financial data, recover assets and spot trends (in patient behavior or hospital readmissions, for example) that they’re often too preoccupied to notice. In fact, a study published in Health Information Science & Systems found that big data analytics can enable the United States healthcare industry to save more than $300 billion per year.
Nevertheless, the sheer volume of data in terms of complexity, diversity and timeliness can be mind-boggling, and traditional security solutions cannot be directly applied to large and inherently diverse datasets. Within healthcare, it’s not just the sensitive physical and psychological data of patients at the application level (via electronic health records, for example) that pose a security risk.
The Big Data healthcare cloud also includes clinical, financial and social data, not to mention the personal data of physicians and other staff. This poses additional risks at the transactional level, given that fetching data might entail accessing databases kept in entirely different facilities. Genetic data is increasingly available due to advances in genomic research, and such data — which opens the door to healthcare fraud and discrimination suits — could do far more damage if it falls into the wrong hands than a social security number or credit card information.
With the emerging Internet of Things, continuous, real-time patient monitoring devices such as pacemakers — as well as CAT scan machines and refrigerators for storing blood and pharmaceuticals — all have IP addresses that pose a potential lure for hackers. Many of these devices also require software that needs to be updated, making them vulnerable to viruses and other cyber threats. Increasingly, personal health data devices like FitBits and other trackers are being used by physicians for patient care, posing an additional risk at the service level.
Furthermore, the complicated rules related to the Affordable Care Act, proper data governance, and HIPPA compliance mean that it’s difficult for CXOs to ascertain — much less ensure — the security of Big Data assets at an infrastructure level, given those assets are often kept in multiple locations, even competing hospitals, with varying levels of security. In other words, although HIPAA protects patient data, it also makes that data more difficult to analyze in order to spot attacks, improve outcomes, reduce security costs and increase revenue.
Unfortunately, the sheer scale of data being generated means that many organizations wait until after an attack to increase security, which can interrupt daily hospital operations and potentially jeopardize patient care. Care providers, after all, must be able to access data in real-time as securely and as quickly as possible. Big Data security measures that neglect to take into account the needs of hospitals and practitioners could actually create potentially life-threatening problems in the name of securing information. Furthermore, the e-discovery process — an attempt to trace a problem with patient care back to its data source — requires that investigators be provided access to certain datasets collected over time.
Although basic steps can be taken to assess a cyber-threat and develop a proactive response, healthcare leaders must develop more sophisticated tools to both assess risk and determine the investment required to deter and cope with such attacks.
Data security is a concern for all business leaders, but for those in the healthcare industry, it can mean the difference between life and death. RoundWorld Solutions can help business leaders not only protect their data, but turn that data into actionable insight that can aid patients, create loyalty and promote growth.
RoundWorld Solutions can assist healthcare providers in aligning patient care, provider needs and business interests with robust security governance. By utilizing the RoundWorld Solutions (RWS) Big Data 360-degree view tool, healthcare organizations can develop a full disaster recovery/business continuity plan that allows access to data, ensures quality patient care and maintains cost benefits and savings.
Our Big Data 360 tool provides CXOs with a unified, top-down view of programs and initiatives that pertain to data security at every level, from applications to services to transactions and infrastructure.
Our expertise in building robust security practices translates to real, practical solutions for each area within your security scaffolding, from customizing our template-driven checklist to ensure that documents being shared between hospitals are protected from security breaches to preventing the kind of breaches at a service level that can hurt both a company’s share prices and its reputation.
Most importantly, RoundWorld can equip your business with systems and approaches that maintain security and both the transactional and infrastructure levels without jeopardizing clinical operations or patient health.
Learn More About Our 2 Week Assessment
or contact us directly today.
This article was provided by:
Public Information Officer