While hospitals and healthcare systems have been one of the most popular targets of hackers and cybercriminals in recent years, that picture is starting to improve at many organizations.
Hospitals are generally getting better at protecting data. Many are updating their health information technology infrastructure and implementing stronger data security measures. These include encryption of all healthcare data stored, two-factor login authentication, and workforce security training programs.
But that road to recovery still eludes some healthcare systems.
To get a better idea of how data is being protected in the healthcare system, VentureBeat spoke to Victor Low, senior director of IT at Q-Centrix, a company specializing in healthcare data management.
Common challenges impacting healthcare data infrastructure
Unfortunately, many hospitals and healthcare centers suffer from symptoms of inadequate data infrastructure, staffing or strategy, Low said.
“These obstacles impede the flow of data sharing, causing it to become much more complex and complicated. As a result, most healthcare systems choose to lock down the data for protection, while overlooking the need for data integration and sharing,” he explained.
There are five common challenges that hospitals and healthcare systems face while managing their data and data infrastructure, Low said. They are:
1. The lack of skilled resources and role-based training
“This includes staff who are properly trained in clinical data collection and management technology. Without these resources, data can be more susceptible to attack and subsequent misuse,” Low said. “Hospital and healthcare systems can make greater investments into these areas to address these issues.”
2. Dated technology, security and documentation
“No MFA (multifactor authentication), SSO (single sign on), no encryption. Without advanced and modern security protections, data is more likely to be compromised in an attack,” Low said.
3. Complex (and confusing) technology architecture
Low pointed out that healthcare systems are especially prone to silos and orphan systems. “Healthcare systems have gone through multiple mergers and consolidation over the past few years. During the course of integration, each healthcare system brings on their existing processes, technologies and personnel,” he explained.
“It takes huge effort and resources to transition from one system to another and, in the interim, existing systems are kept in place as a stopgap. Oftentimes, these stopgaps stay on due to deprioritization or dependencies and, over time, it builds on top of each other and becomes overlooked.”
4. Multiple oversight and regulatory environment/partners involved
“Health systems have their own internal security team and outsource some of the security assessment and/or security work to third parties for best practice. However, these can sometimes result in miscommunication, an overlap of responsibilities and long turnaround,” Low notes.
A solution, he said, is “the forming of a single security and compliance committee, composed of key stakeholders from different areas who get together frequently to create a framework and roadmap. This would help uncover underlying risks and inefficiencies in security and compliance and provide a guiding star to existing and new processes and technologies.”
5. It’s going to take more than just a shot to cure healthcare’s data security woes
Fixing the data security infrastructure for healthcare is going to take a long-term investment in people and technology. “Summing from the above points, any technology improvement/implementation would take multiple-fold of effort, time and resources for healthcare systems to remediate, on top of being a low-margin business,” Low said.
To streamline the process, he said, “creating a roadmap and framework for technology implementation and lifecycle” would be a good start.
Another good practice to enforce across a healthcare organization is tracking and monitoring all vendors, holding them to the same standards and process companywide. Low explained this would have a threefold effect, in that it would “significantly cut down the vetting and assessment process for the security and technology team, [take] the guessing work out of the process for different vendors and [reduce] overhead.”