With the increased focus on the importance of cybersecurity in the health care industry, it is important to think of a more holistic approach to address the industry’s pain points when managing the massive amounts of data that are generated at an incredible pace every day. This growing challenge calls for an immune system approach to security.

According to the IBM X-Force Threat Intelligence Index for 2017, health care is plagued by a high number of security incidents, with SQL injection (SQLi) and OS command injection (CMDi) attacks representing a combined 48 percent of attacks in 2016. Health care records are always a top prize for cybercriminals and are widely sold on the Dark Web.

Markets and Markets reported that the global health care analytics market is expected to exceed $24.55 billion by 2021, from $7.39 billion in 2016, at a CAGR of 27.1 percent. This growth is mainly driven by factors such as increasing initiatives to enhance electronic medical record (EMR) adoption, lower health care spending and improve patient outcomes.

Moreover, the use of analytics in personalized medicine and an increased focus on value-based care, cloud technologies, telemedicine and social media has provided significant growth opportunities in the market. However, this comes with a strict requirement to keep private health information (PHI) secured and protected.

Top Pain Points for Health Care Security

As we see technology in health care advance rapidly, it is timely to take a closer look at the most pressing business issues that impact security.

Securing Medical Records

EMRs are the digital way to create, maintain, access and store health information. The use of this technology is heavily encouraged to access patient records in an effective, efficient manner and to improve patient safety. However, implementation of EMRs comes with a significant set of complex issues that need to be addressed. IT professionals must manage enormous amounts of data, determine access levels for end users and privileged users, perfect security processes and train employees to follow them. Additional complexity arises for large health care systems with facilities in multiple locations.

Rising IT Costs

Organizations strive to balance their mandate to provide high quality of care to patients while keeping the cost of IT systems down. Many are turning to cloud computing to efficiently archive and use patient records and medical images, streamline collaboration among providers and achieve significant savings on data management and storage.

Compliance Mandates

It is critical to address health care compliance issues and responsibilities. Health care providers, payers and life sciences organizations have a strict mandate to provide optimal services for patients. However, they must also ensure that employees, policies, processes and adopted IT solutions follow regulations and guidelines set by governmental and corporate entities, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) in the U.S., the General Data Protection Regulation (GDPR) in the EU, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and others in different geographies.

Interoperability of IT Systems

Improved patient care depends heavily on the accessibility of relevant data at time of care. When 80 percent of important data is unstructured, it becomes invisible in most IT systems. Data in health care can be complicated and proprietary, and organizations hire specialists to extract data, normalize it and add it to a single common database.

We can see examples of this complexity in population health platforms, medical image reports, and billing and coding systems. Companies still struggle to pull data from many sources, and they need to develop common data models. But there are massive privacy and security issues in sharing medical data.

New Medical Technologies

Telemedicine is the remote delivery of health care services for assessments and consultation. It began in rural, underserved areas where access to physicians, particularly specialists, was limited. While it is a great system to adopt, one of the main challenges surrounding its security is the extent of data spread beyond the boundaries of an individual location and IT system.

Mobile health is another fairly new channel in health care delivery that is used to track fitness, nutrition, wellness and self-testing for attributes such as weight, heart rate and calories burned. In addition, physicians are using mobile health to access medical records, assess patient data through sensors, conduct disease management and administer drugs. Wearables and wireless portable medical devices such as pacemakers and insulin pumps have also emerged to send more data to multiple destinations. The potential for these devices to help health care professionals is endless, but there are still deep concerns surrounding data security.

A New Immune System for Health Care

IBM has designed the Health Care Security Immune System to address specific industry concerns and map with integrated services and products to prevent, detect and respond to cyberattacks in health care. To cite a few examples, Guardium Data Activity Monitor prevents unauthorized access to medical records, alerts on changes or leaks to help ensure health data integrity, and automates compliance controls. MaaS360 enables and secures mobile devices, apps and content in health care organizations with a comprehensive enterprise mobility management solution. Finally, the X-Force Exchange is IBM’s threat intelligence platform that enables shared research on incidents, aggregation of intelligence, and collaboration among health providers, payers and life sciences companies.

As cyberattacks become more sophisticated and evolve, static technologies won’t be able to keep up because siloed solutions fragment those defenses. It takes intelligence and precision to stop cyberattacks and unknown threats.

IBM is leading in a new era of enterprise security with the industry’s first cognitive security operations center (SOC) platform, powered by Watson for Cyber Security. This innovative, end-to-end security architecture leverages advanced cognitive technology to provide rapid and accurate security insights and responses across endpoints, networks, applications, cloud, data, mobile devices and users.
