siliconindia | | May 20189Implementing Consumer ToolsSm+artphones aren't only in the hands of clinicians. Pa-tients are also eager to connect with healthcare through taps and swipes. However, safely and securely imple-menting consumer facing apps that touch vast amounts of healthcare data and actually provide value to the patient presents its own set of concerns. The increased traffic and access to data increases the likelihood of a breach if suf-ficient controls are not in place on the device or within the app. Connecting apps together and sharing data between them also presents many security issues that must be re-solved in the development process. A strong expectation of vendors to uphold your security requirements as well as reviews of their Secure Software Development Life Cycle (SSDLC) programs are important parts of making application purchase decisions.Internet of Things (IoT) LeakageIoT devices are entering healthcare at an increasing rate. Many of these devices lack needed encryption or have potential fail points that can be exploited by crafty cybercriminals. In order to make certain that patients' data (and the patients themselves) are safe from this type of leakage requires a set of security standards that the industry doesn't yet have. Without standards these devices will continue to be developed in isolation, which only increases the chances that proprietary code can't be efficiently monitored by cybersecurity professionals. I've long advocated for stand-ards for data exchange, but similar at-tention needs to be payed to secu-rity. If you can't monitor devices consistently and appropriately they'll easily become revolving doors for cybercriminals to enter your organization.Government InvolvementAn increasing number of public sector cyberattacks have hastened the cybersecurity conversation by legislators and investigative agencies--that's very promis-ing. More than ever, it's time for the government to work with the healthcare industry in a collaboration that can help to reduce cyber risks. Together we can look at the problem holistically, and put prac-tices in place that support each other while identifying criminals and appropriately penalizing them. Recently there has been media chatter about the new administration's thoughts on cybersecurity for the nation; healthcare needs to hold its place at the table, making sure that security policy helps rather than hampers healthcare organizations.Whether or not the Accountable Care Act is disman-tled in the coming months won't significantly change cy-bersecurity in healthcare. The need to protect the mas-sive amounts of data with which we are entrusted has always been and remains critical. In the past, decisions about cybersecurity were largely made in the data center, but today those decisions are more often guided by board expectations and overall risk tolerance. As the industry contin-ues to look for ways to increase access to safe, quality care, technology will be a major player. That's why it's important for healthcare CIOs and CISOs to educate other executives, employees, and consumers about the importance of a sound cy-bersecurity strategy that moni-tors, detects, and mitigates the risk of cyberattack. Cyber-security is a collaborative effort that involves IT, the business, the patient, car-egivers, and the govern-ment. If we can educate and promote best practices amongst those players, than we're likely to con-tinue moving healthcare forward, increasing ac-cess and safety while de-creasing costs. Failure to create secure processes and systems will only continue to increase costs and risk, and reduce access. Marc ProbstAn increasing number of public sector cyberattacks have hastened the cybersecurity conversation by legislators and investigative agencies--that's very promising
< Page 8 | Page 10 >