IT Matters - The need to mitigate data breaches and cyberattacks

June 07, 2017
From the June 2017 issue of HealthCare Business News magazine

By Sanjaya Kumar and Chandrashekar Bilugu

Today’s health care industry depends on information systems – from clinical applications such as EMR/CPOE systems, to specialized radiology, pharmacy and laboratory systems, to billing and scheduling systems.

The accessibility of data from such systems, together with their interoperability, is resulting in increased productivity and efficiency, improved quality of care and safe patient care.


Health care organizations are a top target for hackers due to their inherent vulnerability, with cyberattacks becoming more focused and sophisticated. Health care records are a treasure trove of data for identity thieves. Health records are popular targets for their high potential for exploitation through identity theft, insurance fraud, stolen prescriptions, ransom attacks and dangerous hoaxes.

According to Reuters, on the black market, medical information is sold for more than 10 times the price of your credit card number. Continuous dependency on information systems also makes health care organizations prime targets for ransomware attacks. The “WannaCry” attack encrypted key patient data within hospital systems, crippling operations.

Several assessments and surveys have highlighted that health care organizations in the U.S. are at great risk today for cyberattacks and there are limited mitigating safeguards in place to ensure continuity of operations. It has also been highlighted that investments to safeguard systems and data by health care organizations come at an increasingly exorbitant cost in the era of shrinking margins. However, with significant HIPAA fines and penalties being enforced for PHI data breaches and noncompliance with established standards, health care organizations are left with few choices but to enforce compliance and strengthen key processes to plug vulnerabilities and mitigate cyberattacks.

There are nearly 250 HIPAA privacy and security controls that require continuous monitoring by covered entities and their business associates (who, in turn, are now also liable for inadvertent exposure of PHI).

The top three major gaps in processes and failures at health care organizations are related to:

• Not establishing and maintaining required documentation (49.4 percent).
• Lack of evidence of adequate data and information management (26.5 percent).
• Lack of notification, training and responsiveness (10.5 percent).

Data on breaches also highlight that data security failures originate from both inside and outside of the organization, given the dependency on the varied number of business associates and vendors that health care organizations contract with.
