With the increased focus on the importance of cybersecurity in the health care industry, it is important to think of a more holistic approach to address the industry’s pain points when managing the massive amounts of data that are generated at an incredible pace every day. This growing challenge calls for an immune system approach to security.
According to the IBM X-Force Threat Intelligence Index for 2017, health care is plagued by a high number of security incidents, with SQL injection (SQLi) and OS command injection (CMDi) attacks representing a combined 48 percent of attacks in 2016. Health care records are always a top prize for cybercriminals and are widely sold on the Dark Web.
Markets and Markets reported that the global health care analytics market is expected to exceed $24.55 billion by 2021, from $7.39 billion in 2016, at a CAGR of 27.1 percent. This growth is mainly driven by factors such as increasing initiatives to enhance electronic medical record (EMR) adoption, lower health care spending and improve patient outcomes.
Moreover, the use of analytics in personalized medicine and an increased focus on value-based care, cloud technologies, telemedicine and social media has provided significant growth opportunities in the market. However, this comes with a strict requirement to keep private health information (PHI) secured and protected.
Top Pain Points for Health Care Security
As we see technology in health care advance rapidly, it is timely to take a closer look at the most pressing business issues that impact security.
Securing Medical Records
EMRs are the digital way to create, maintain, access and store health information. The use of this technology is heavily encouraged to access patient records in an effective, efficient manner and to improve patient safety. However, implementation of EMRs comes with a significant set of complex issues that need to be addressed. IT professionals must manage enormous amounts of data, determine access levels for end users and privileged users, perfect security processes and train employees to follow them. Additional complexity arises for large health care systems with facilities in multiple locations.
Rising IT Costs
Organizations strive to balance their mandate to provide a high quality of care to patients while keeping the cost of IT systems down. Many are turning to cloud computing to efficiently archive and use patient records and medical images, streamline collaboration among providers and achieve significant savings on data management and storage.
It is critical to address health care compliance issues and responsibilities. Health care providers, payers and life sciences organizations have a strict mandate to provide optimal services for patients. However, they must also ensure that employees, policies, processes and adopted IT solutions follow regulations and guidelines set by governmental and corporate entities, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) in the U.S., the General Data Protection Regulation (GDPR) in the EU, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and others in different geographies.
Interoperability of IT Systems
Improved patient care depends heavily on the accessibility of relevant data at the time of care. When 80 percent of important data is unstructured, it becomes invisible in most IT systems. Data in health care can be complicated and proprietary, and organizations hire specialists to extract data, normalize it and add it to a single common database.
We can see examples of this complexity in population health platforms, medical image reports, and billing and coding systems. Companies still struggle to pull data from many sources, and they need to develop common data models. But there are massive privacy and security issues in sharing medical data.
New Medical Technologies
Telemedicine is the remote delivery of health care services for assessments and consultation. It began in rural, underserved areas where access to physicians, particularly specialists, was limited. While it is a great system to adopt, one of the main challenges surrounding its security is the extent of data spread beyond the boundaries of an individual location and IT system.
Mobile health is another fairly new channel in health care delivery that is used to track fitness, nutrition, wellness and self-testing for attributes such as weight, heart rate and calories burned. In addition, physicians are using mobile health to access medical records, assess patient data through sensors, conduct disease management and administer drugs. Wearables and wireless portable medical devices such as pacemakers and insulin pumps have also emerged to send more data to multiple destinations. The potential for these devices to help health care professionals is endless, but there are still deep concerns surrounding data security.
A New Immune System for Health Care
IBM has designed the Health Care Security Immune System to address specific industry concerns and map with integrated services and products to prevent, detect and respond to cyberattacks in health care. To cite a few examples, Guardium Data Activity Monitor prevents unauthorized access to medical records, alerts on changes or leaks to help ensure health data integrity, and automates compliance controls. MaaS360 enables and secures mobile devices, apps and content in health care organizations with a comprehensive enterprise mobility management solution. Finally, the X-Force Exchange is IBM’s threat intelligence platform that enables shared research on incidents, aggregation of intelligence, and collaboration among health providers, payers and life sciences companies.
As cyberattacks become more sophisticated and evolve, static technologies won’t be able to keep up because siloed solutions fragment those defenses. It takes intelligence and precision to stop cyberattacks and unknown threats.
IBM is leading in a new era of enterprise security with the industry’s first cognitive security operations center (SOC) platform, powered by Watson for Cyber Security. This innovative, end-to-end security architecture leverages advanced cognitive technology to provide rapid and accurate security insights and responses across endpoints, networks, applications, cloud, data, mobile devices and users.