With the start of the new year come many things: new budgets, new thinking, new staff, new patients/clients, new technology and new threats. I thought that in this month’s edition we would speak a little about medical office vulnerabilities. We have spoken in depth regarding cyber-attacks, data security, etc. But this month we would like to talk a little from the practice side of the equation. What do most health care providers and security teams really think are the top worries?
So asking top doctors, here are the three top issues being discussed:
- Patient Information – While most larger practices and healthcare offices have converted their patient records to the cloud, there are still a few of you working from paper files (we need to talk). Those that have made the leap, so to speak, are now facing a whole new horizon of issues to contend with. So, gone are the days that a patient comes into the office, walks in the back, grabs their own file and sits down waiting to be called in for their appointment, right? Well, not completely; I saw it firsthand last week while talking with a potential new client.
One question we are asked a lot socially: “Why does someone really want medical records on people?” That can range from obtaining the social security numbers, to general address information, to prescriptions, general health information, employer info for use in identity theft to general treatment information. Sometimes, it is not really the data being used by the thief, but just that the data is a commodity. On average, medical information goes for over ten times what credit card information goes for on the black market. That’s right! Patient medical records are more valuable to a crook than your credit card number. That is also why places that collect that type of information, as well as ancestry-type information, are absolutely the most hack-attempted sites and repositories in the world.
Think of what can be done with the knowledge of certain drugs being used in treatments for persons in a specific region. Don’t forget, some studies have shown that over 80% of the drugs used in the USA are produced OUTSIDE the USA, so knowing the usage by region and patient can be very valuable to those producing the drugs, protecting the drugs, etc.
- Device Usage – This ranges from the iPad you registered with upon arrival at the doctor’s office, to the laptops being used internally, their printers, and even certain medical devices themselves. Remember the story from about a year ago when it was realized the “fit” monitors some military personnel wore also gave up their geographic location. Why would that matter? Well, if your entire army was wearing a fitness band that would give away traceable geographic location, that would be pretty important in understanding troop movements.
Knowing that right now there are an estimated two billion medical sensors/devices being used in offices and in the field, those are all sources of medical and patient information available to be hacked. Even if the device is secure, once it connects to a network that perhaps is not secure, well, there goes the data. In most of these instances, no one ever realizes what has happened or where the data leak was. Keep in mind the most recent data breaches within our government right now went on for months before being realized. Some reports have stated that Department of Defense emails were being read by external forces for approximately six months. Just think of the information, from patient medical history to medical payment history, that could be harvested from a small emergency care facility alone.
- Old Systems and Software – Let’s be honest: while a very large percentage of health care providers use the latest and greatest medical equipment and treatment processes, once you get behind the wall a bit and look at payment processing and general CPU ages of the average back office worker’s environment, those are most often overlooked. Between the cost to replace those devices, joined with the expense of front end data collection, the back office is usually the last to get upgraded. Ask this one simple question next time you go into the back office as a medical professional: Is our printer secure? Bet nine times out of ten, most will answer, “don’t know”. Again, think about it: all that money for new desktops, yet no one thought to secure a peripheral device that is connected to your network…
Who manages your network and device updates? Is your cloud backup really a cloud backup? Are all patches up to date on EVERY device that connects to your network? Does anyone know where Nancy’s old laptop even is? Can you tell the difference between a firewall protecting your office from the one next door and a firewall protecting network management and access?
Some of those examples are silly, but they are real world examples that we see every day.
Here are some interesting facts on medical technology, most coming from Healthcare Weekly:
- In 2016, 52% of hospitals globally were using three or more connected health technologies.
- Worldwide, an average of 12% of people said they currently used a connected health device, with a further 12% saying they had formerly used one.
- 47% of companies are expected to expand their use of connected health technologies over the next few years.
- By 2020, 40% of IoT technology will be health related.
- 67% of physicians believe smartphone apps that record health and fitness data will deliver better outcomes.
- 80% of physicians are already using smartphones as part of their professional practice.
- 44% of physicians use their smartphones to communicate with other professionals in their facility.
- It’s predicted that, by 2020, the average person will own 5 connected devices that will have diverse uses, including as a tool for connected healthcare.
- In 2017, 36% of people would use an at-home diagnostic test kit and send the information to a physician.
So, our main point in this month’s article: you practice what you know best – helping patients live a secure and healthy lifestyle. Let your technology partner do what they do best – help you, their clients, have a secure and healthy network.
If you would like to speak more on ways to better train and support your staff, or want to learn more about securing your network and medical device environment, give me a call.