Protecting Your Patients and Their Personal Data

There are a lot of common misconceptions about cybercrime. A particularly damaging one is thinking it could never happen to you.

As a healthcare organization, you have your patients' personal data on file. In the HIMSS Cybersecurity Survey report, 74% of respondents from healthcare organizations shared they experienced significant security incidents over the last year.

And the personal data in medical histories can be used by hackers to submit fraudulent insurance claims, buy and sell medical supplies, medical equipment and medication, forge your identity and even forge your doctor’s identity.

When people ignore basic cybersecurity practices, like keeping their software updated and their devices secured, it’s an open invitation for hackers. Think about it: you secure other valuables—why not your personal data?

“We still need to protect our physical property from theft and, as before, we still need to protect our information from theft or misuse,” said Rod Piechowski, MA, vice president, thought advisory with HIMSS. “I’d argue that the stakes today are higher than ever, and while we must depend on each other to keep a watchful eye open, the very abstract nature of information security makes it a challenge to teach people what to look for.”

The HIMSS Cybersecurity Survey report also found that most respondents provide security awareness training to staff once a year. While regular training is a step in the right direction, training staff—the first line of defense—more often can help keep your organization, your patients and their personal data safer.

HIMSS’s health information and technology cybersecurity podcast, Code Red, focuses on cybersecurity challenges facing healthcare today and tomorrow, featuring the voices of the people on the front lines. Here are a few stories covered in the podcast that will remind you about the importance of preventing cybercrime and protecting personal data.

Security and the Patient Experience

Every person has a role to play in preventing cybercrime. When you don’t take it seriously, everyone is at risk. In care delivery settings, that means patients are at risk, too.

Dan Dodson, president of Fortified Health Security, sat down to talk about how security impacts the patient experience with Code Red. He shared that it’s important for health systems to look at the entire patient experience, which includes protecting patients’ personal data.

He added that the best place for health systems to start is to train employees to create a culture that is aware of the sensitivity around patient data. Hear more about this and learn how a solid security plan can help build patient trust.

Hospital Staff Targeted in Complex Patient Care Scenario

Imagine you are pulling a long shift at the hospital when you receive a threatening message from someone claiming to be associated with a well-known hacktivist group. The message indicates knowledge of a complex legal case regarding a patient or client, accompanied by a list of demands for staff to comply with—and a list of threats for not complying.

What would you do if you received a message like this? How would you address invalid claims about patient negligence, accompanied by serious threats?

Here’s one story about how a children’s hospital faced a cyberattack that put the entire organization at risk.

Why Securing Connected Medical Devices Matters

With chronic disease incidences increasing rapidly, the demand for connected medical devices grows steadily—along with accompanying cyberthreats. These dangers rise significantly in older devices built without security in mind.

“In order for medical devices to provide real value, they need to be connected—more connected than they were in the past,” said George Gray, chief technology officer and vice president of research and development at Ivenix.

Gray shared guidelines based on his own experience working to help protect networked medical devices, emphasizing the need for security to be built into the design from the beginning, as well as the end user’s accountability. “If you can control one device on the network, you can probably control the network at some point,” Gray said. Hear more from Gray on how to protect your organization’s medical devices in the podcast episode below.

 
