By Win Reis, Vocera
If endpoint security – especially for smartphones – wasn’t a top-of-mind issue for healthcare IT leaders before, it certainly is now. I’ve spoken with numerous customers who struggle with it and are asking for guidance.
At HIMSS this year I attended the CHIME CIO Forum, which included a presentation by Kevin Mitnick, a former black hat hacker. He went to prison for cybersecurity crimes several years ago and now runs a cybersecurity consulting firm that boasts a 100% success rate in penetrating his clients’ networks. The main way he infiltrates those networks is through what is called “social engineering.” The audience was amazed at how easily he was able to get people to give up information that allowed him to penetrate electronic security layers and access any information he wanted.
Healthcare tends to lag some other industries (such as financial services and manufacturing) in terms of regulatory requirements affecting technology, IT security investment, sophistication of policies, and use of available tools for enforcing policies. At the same time, people’s health information can be worth thousands of times more than their financial information, according to one 2017 Forbes article.
The consequences of a major breach can represent an existential threat to a healthcare provider’s business. I witnessed this personally several years ago when my local health clinic was broken into and all of its PCs were stolen. Unfortunately, those PCs contained the private medical records of over 100,000 patients in the care network it was part of. After the media frenzy, the care network lost nearly half its customers and was purchased for pennies on the dollar less than six months later.