Page 12

Health System Management • January 2017

“data hygiene” throughout an organization, Nanji told Health System Management. “It is not a simple task; there is not a single button you can flip on and say, ‘I am secure,’” he warned. “All of your employees should understand that opening a single email can result in a catastrophe if it comes from the wrong person. It can automatically download malware that can infiltrate your system.” Such infiltrations can be highly stealthy — lying in wait within a system, timed to do their dirty work at some predetermined future date. Using the analogy of a big, old house that allows air to escape from a lot of places, Nanji said that healthcare systems must plug up the holes that allow security leaks. “There are holes in your system that must be monitored right now, and there will be new holes and leaks requiring your attention on a regular basis.” Yet Nanji said that with a high degree of vigilance, it is possible to guard against attacks. “It is complicated but it can be done. A lot of effort, many layers of technology, tools in both in software and hardware go into it.” This means that healthcare must be consistent about conducting thorough risk assessments on a regular basis. “This cannot be a perfunctory risk analysis. This is not a compliance checklist PRIVACY/SECURITY HEALTH SYSTEM MANAGEMENT | JANUARY | 2017 patient. There must be a commitment by senior executives that, ‘Yes, we really have to consider that information security is equivalent to patient security.’” ATTACKS INCREASING It has been estimated that cyberattacks on healthcare grew from 57 major attacks in 2015 to 93 in 2016.1 This number will likely climb in 2017, given the extreme value of information that can be stolen. According to a 2015 report by NPR, medical records earn about 50 times more on the black market than Social Security or credit card numbers, because they provide information that simplifies and fast-tracks identity theft.2 Whereas multiple credit card numbers can be bought for hundreds of dollars, the same number of Medicare IDs commands thousands of dollars.3 Stolen medical records make for lucrative trade — and often of the international kind. Many healthcare attacks are launched from outside the U.S. by highly sophisticated cyberattackers. A Chinese cyberattack organization (Deep Panda) is thought by some experts to have launched a 2015 attack on Anthem, the nation’s second-largest health insurer. In that one massive assault, cyberthieves stole the addresses, employment information and Social Security numbers of almost 80 million past and current customers and employees.4 The disturbing truth is that the effort to maliciously access healthcare information is so robust and persistent that a 2016 report by the Institute for Critical Infrastructure Technology revealed that almost 50% of the U.S. population has had personal health data compromised.5 SECURING DATA These alarming numbers all add heft to the imperative for developing and perfecting good “It is not a simple task; there is not a single button you can flip on and say, ‘I am secure.’” Feisal Nanji WEBEXTRA For additional tips on how to protect your patient data, read “Why Healthcare Organizations Need to Improve Cybersecurity” at www. HealthSystemMgmt.com ADVANCE 12 WWW.HEALTHSYSTEMMGMT.COM


Health System Management • January 2017
To see the actual publication please follow the link above