Guest Column | May 2, 2016

The Risk Of Virtual Viruses In The Race To Modernize Healthcare

By Dennis Bonilla, executive dean for the College of Information Systems and Technology with University of Phoenix and Dr. Eve Krahe, dean of graduate programs for the School of Health Services Administration and College of Health Professions with University of Phoenix

A viral outbreak of epidemic proportions is disrupting medical services across the country, most recently stalling procedures and causing delays at MedStar, a community-based health system in Washington, D.C. A hospital in Kentucky was similarly disrupted, declaring an “internal state of emergency” due to a virus, while a Southern California hospital paid $17,000 to cure a virus earlier this year.

These problems weren’t caused by a biological virus.

In each of these cases, it was a virtual virus that infected each organization’s data systems, rather than infecting the patients being treated in those systems. Healthcare data has quickly become a popular target for cybercriminals. While a somewhat new phenomenon, attacks on health data alone accounted for 37 percent of all data breaches in 2014, marking the fourth year in a row the health sector saw more cyber-attacks than any other. And the healthcare industry experienced more data breach incidents than the retail, educational, and financial sectors combined.

The substantially higher number of attacks on the healthcare industry, compared to other industries, is due to the fact that individuals’ healthcare information is among the most sensitive and thus vulnerable, making it extraordinarily valuable to cybercriminals. With a single breach, cybercriminals can extract Social Security numbers and birthdates to open false bank accounts and credit cards, personal information to falsify identities to purchase drugs and medical equipment, and patient provider numbers to file false insurance claims.

Just as there are many motives for cybercriminals to target medical information, there are many points of entry for them to attempt to access this data. For example, hospitals and health insurance providers are moving toward cloud-based records systems to help streamline access to medical records for doctors, nurses, administrators and patients. But, in some cases, cloud-based technology can provide virtual entry points that can be accessed from anywhere if it’s not adequately protected.

While there are numerous conversations occurring across the sector about how technology is modernizing healthcare, it is vital that advances in technology are accompanied by advances in security. It is a dangerous proposition to modernize healthcare without modernizing healthcare systems. In addition, healthcare systems cannot be safely modernized without simultaneously modernizing the healthcare workforce by equipping them with the skills to tackle the new security challenges of the 21st century.

Both the healthcare and information security industries are experiencing unprecedented staffing shortages, making these cyber-attacks especially frightening. The 2015 Global Information Security Workforce Study found that the information security workforce will be short by 1.5 million professionals in the next five years, while the U.S. Bureau of Labor Statistics Career Outlook estimates roughly 3.8 million healthcare jobs will need to be filled in the decade between 2014 and 2024.

Responding to these attacks by training a workforce of healthcare and cyber security experts must become our immediate imperative. To mitigate and protect against these vulnerabilities, we must ensure that we’re building, sustaining and retaining a pipeline of professionals equipped with the skills necessary to protect healthcare data. We must train professionals through a multi-stakeholder approach that supports collaboration across sectors, and it starts with higher education.

As leaders in education, we must work with healthcare administrators, clinicians and cyber security experts in aligning our curricula to ensure students are prepared to protect health data systems starting their first day on the job. This includes arming IT professionals with the latest training in defending against cyber-attacks, and health professionals with the latest best practices on how to securely operate health data systems and identify risks before they happen.

While challenges exist, the good news is that today nearly seven in 10 U.S. adults trust the healthcare industry with their personal data, according to a University of Phoenix College of Information Systems and Technology survey. To uphold this trust, we must invest in the intellectual capital to keep healthcare systems and patient data secure.

As the old adage goes, any good doctor knows that an ounce of prevention is worth a pound of cure. The same goes for any good cyber security expert. It is crucial that we begin preventing major cyber security breaches through increased training that both prepares healthcare professionals to handle new data systems and prepares IT professionals to confront new threats and challenges in protecting this private medical data.