While hospitals and healthcare systems have been one of the most popular targets of hackers and cybercriminals in recent years, that picture is starting to improve in many organizations. Hospitals are generally getting better at protecting data. Many are updating their health information technology infrastructure and implementing stronger data security measures. These include encryption of all healthcare data stored, two-factor login authentication, and workforce security training programs.
Unfortunately, many hospitals and healthcare centers suffer from symptoms of inadequate data infrastructure, staffing, or strategy. These obstacles impede the flow of data sharing and make it much more complex. As a result, most healthcare systems choose to lock down the data for protection, while overlooking the need for data integration and sharing.
There are five common challenges that hospitals and healthcare systems face while managing their data and data infrastructure. They are:
The lack of skilled resources and role-based training
This includes staff who are properly trained in clinical data collection and management technology. Without these resources, data can be more susceptible to attack and subsequent misuse. Hospitals and healthcare systems can make greater investments in these areas to address these issues.
Dated technology, security, and documentation
This means no MFA (multifactor authentication), no SSO (single sign-on), and no encryption. Without advanced and modern security protections, data is more likely to be compromised in an attack.
Complex (and confusing) technology architecture
Low pointed out that healthcare systems are especially prone to silos and orphan systems. Healthcare systems have gone through multiple mergers and consolidations over the past few years. During integration, each healthcare system brings along its existing processes, technologies, and personnel.
It takes a huge effort and resources to transition from one system to another and, in the interim, existing systems are kept in place as a stopgap. Oftentimes, these stopgaps stay on due to deprioritization or dependencies, and, over time, they build on top of each other and become overlooked.
Multiple oversights and regulatory environment/partners involved
Health systems have their internal security team and outsource some of the security assessment and/or security work to third parties for best practice. However, this can sometimes result in miscommunication, an overlap of responsibilities, and a long turnaround.
A solution is the forming of a single security and compliance committee, composed of key stakeholders from different areas who get together frequently to create a framework and roadmap. This would help uncover underlying risks and inefficiencies in security and compliance and provide a guiding star to existing and new processes and technologies.
It’s going to take more than just a shot to cure healthcare’s data security woes
Fixing the data security infrastructure for healthcare is going to take a long-term investment in people and technology. Summing up the above points, any technology improvement or implementation would take many times the effort, time, and resources for healthcare systems to remediate, on top of healthcare being a low-margin business. Creating a roadmap and framework for technology implementation and lifecycle would be a good start.
Another good practice to enforce across a healthcare organization is tracking and monitoring all vendors, holding them to the same standards and processes companywide. Low explained this would have a threefold effect, in that it would significantly cut down the vetting and assessment process for the security and technology team, [take] the guesswork out of the process for different vendors and [reduce] overhead.