The Future of Healthcare Data Security Threats

The proliferation of electronic health records (EHRs) has allowed physicians to consolidate and share critical medical data with personnel at other facilities, allowing staff members to provide better treatment to their patients. However, the downside to these databases is the increased risk posed by cyberthieves. Recent reports suggest the healthcare industry as a whole has thus far been unable to properly defend itself against this threat. A study conducted by the Ponemon Institute discovered that 94 percent of healthcare organizations have experienced at least one data breach over the course of the past two years. Furthermore, 45 percent reported that they had witnessed more than five incidents in that same timeframe.

The Health Information Trust Alliance's recent study "A Look Back: U.S. Healthcare Data Breach Trends" concluded that, after some initial gains, data security improvement seems to have tapered off.

"While the good news is that reportable breaches do not appear to be becoming any more pervasive, the bad news is that the industry's progress appears to be slow," the report stated.

Looking to the future
The future could provide even greater challenges for healthcare professionals. Security expert Ralph Echemendia recently addressed the issue of medical data vulnerability at a conference in Cambridge, Maryland, according to TechTarget. The proliferation of cloud storage networks and virtualization has created new risks for hospital cybersecurity systems. Echemendia and other security experts present at the conference suggested that healthcare IT teams plan for several emerging threats:

• Insecure supply chains open the door for counterfeit medical devices to make their way into hospitals. These products can be easily compromised.

• State-sponsored hacker groups have been targeting critical infrastructure for years. Although the healthcare industry has so far been spared from these attacks, that could easily change.

• Hospitals have many business associates who could easily pose a security threat, either wittingly or not. Although the task is massive, CIOs need to take every effort to control access and perform comprehensive risk assessments.

Protecting medical data against attacks
Even if proper precautions are taken to address these threats, hackers may still gain access to a hospital's network, making mitigation efforts essential. Data encryption software can prevent cybercriminals from accessing patient files and compromising sensitive information.

"We should not expect any organization to never have a data breach," said Debbie Wolf, principal at Booz Allen Hamilton, reported TechTarget. "I think that there are incidents happening every day … if you can use technology to minimize the risk, minimize the breaches, get them down to the lowest possible number [of breaches and patients affected], you're doing due diligence. If you have the expectation that you're going to shut things down, shut the door and it will never happen, I think you're being unrealistic."