How CIOs can Keep Healthcare Cybersecurity Intact?

Healthcare Tech Outlook | Wednesday, October 16, 2019

Specific to healthcare organizations, issues like Electronic Medical Record (EMR) data leakage, especially of sensitive operational information such as billing disputes and patient dissatisfaction, are some of the cybersecurity threats faced by medical institutions.

FREMONT, CA: Consider the theft of confidential information belonging to 14,200 people diagnosed with HIV in Singapore, or one of the significant data breaches in the history of Singapore, in which over 1.5 million patients of a medical institution were affected, including the prime minister and several ministers. With its dominant position as one of the fastest-growing digital economies in the world, the region has become a prime target for cyberattacks.

According to a recent study, one of the biggest challenges faced by an organization’s cybersecurity framework is aligning cybersecurity with business priorities. Therefore, it is best if the Chief Medical Officers (CMOs) of healthcare organizations tackle the challenge by linking the costs and benefits of cybersecurity to the value of regulatory compliance. The tactic is especially critical for particular segments that link patient safety and confidentiality and call for more investment in security frameworks within application parameters. The sectors include clinical documentation, medication management, pharmacy, tests, investigations, and critical care support systems. 

Some Common Cybersecurity Threats to Healthcare Institutions in APAC

Specific to healthcare organizations, issues like Electronic Medical Record (EMR) data leakage, especially of sensitive operational information such as billing disputes and patient dissatisfaction, are some of the cybersecurity threats faced by medical institutions. Furthermore, the use of clinical data on sensitive diseases to malign private or public health settings, and attempts to get hold of VIP data, are some of the other risks involved. The network and workplace-related security threats in healthcare are no different from those of other industries and include ransomware, phishing, endpoint attacks, and others.

A Few Key Lessons from a Chain of Healthcare-Related Data Breaches

A key lesson to learn from these instances is the importance of having security not only externally but also within an organization. There is also an increased need for medical officers to have independent cybersecurity auditors in place and to ensure that the audits are carried out frequently.

The design of data security and internet separation models is becoming more significant in terms of de-risking data at rest. There also needs to be a meticulous scoping of cloud data assets. For cross-application landscapes, data security and accessibility should be governed and designed by information area at a corporate level, not at an individual application level. In addition, local threats inflicted from within an organization by an internal employee or contractor need to be closely monitored and controlled.

Unseen Areas in the Management of Cybersecurity

One area overlooked by healthcare medical officers in the management of cybersecurity threats is the application of security in clinical applications. Most large healthcare organizations have a network of operational and clinical systems:

• Patient Administrative System (PAS)
• Ancillary systems for laboratories and pharmacies 
• Finance
• Billing
• Picture Archive and Communication System (PACS)/ Radiology Information System (RIS)

Often these systems are required to exchange data, and security breaches are powerful in:

• Data in motion, such as interfaces and message queues.
• Context switching, which involves accessing application data, logic, and screens from another application.

Thus, CIOs should adopt a robust Development, Security, and Operations (DevSecOps) strategy early in health application design.

Managing Increased Cybersecurity Threats with Reduced Budgets and a Shortage of Trained Experts

Usually, CIOs are constrained by the lack of trained professionals or reduced budgets and are unable to deal with ever-increasing security hazards and incidents. To tackle the issue, information officers need to study the impact of data breaches, both from a financial and a personal perspective. In addition, the concern of most healthcare providers about cybersecurity has resulted in their hesitation to venture into cloud-based services. The apprehension, in turn, has a direct cost impact on the administration of a healthcare service provider.

Increasingly, cloud adoption ought to be backed up by cyber defense and orchestration strategies. The approaches comprise intelligent security operations and constant threat monitoring using a leveraged Security Operations Centre (SOC) model that reduces upfront Capital Expenditure (CapEx). Overall, the strategy provides best-in-class protection with a spread-out cash flow.

With more healthcare organizations in Asia-Pacific moving past digitization into transformation and rallying with innovation, building a sturdy foundation with security and compliance has become decisive. Embedding privacy and security into all aspects of digital interactions is not an option anymore. The solutions need to be mandated for healthcare organizations as they handle confidential and sensitive data.
