The security challenges of digital health
Singapore, August 10, 2016
Digital health poses data security risks that cannot be ignored
· Healthcare organisations can protect medical records and devices from loss or theft using two-factor authentication and encryption
· Educating employees on best practices in data security will help to mitigate security risks
Digital health offers many benefits for healthcare providers, patients and governments alike, whether it’s enabling patients to consult a doctor remotely, or tapping big data to understand and control the spread of diseases.
However, digital health also poses risks that cannot be ignored. For one thing, converting information once stored primarily as physical records – doctor’s notes, x-rays, test orders and so on – into digital data that can be shared with anyone anywhere in the world raises privacy and security alarm bells by default.
Hackers can exploit vulnerabilities in IT systems to access all that information remotely, even if the clinic or hospital door is locked tight.
Making matters worse is the exponential growth in the volume of health-related data, which is increasing by 48 per cent a year and could reach 2,134 exabytes by 2020.
And with personal information about people’s health no longer stored by just doctors and insurance firms but by a wide range of new devices like fitness trackers, smartphones and smart watches, the risks of data losses and thefts are further increased.
Indeed, according to Verizon’s 2016 Data Breach Investigations Report, one of the biggest data security threats in healthcare comes from the loss or physical theft of assets, as well as of actual paper documents. Another major threat comes from so-called privilege misuse, which involves employees abusing or misusing their data and device access privileges.
But whatever the cause of a healthcare-sector IT security lapse may be, the repercussions can be costly and long-lasting. A recent computer virus at one of the largest hospital networks in Melbourne, Australia, did more than damage IT systems: it caused “chaos for staff and patients”, according to The Age newspaper.
The lure of health data
So why is all of this healthcare information so valuable? Healthcare providers and pharmaceutical firms are big organisations that handle billions of dollars in transactions every year. Besides financial data, they also deal with another critical type of information: identities.
Armed with other people's identifying data – birth dates, government-issued IDs, insurance policy numbers and so on – criminals can buy medications or equipment for resale, or can file false claims for expense reimbursements. Such illicit uses can prove highly profitable.
The problem is aggravated by another factor: given the choice between investing in improved medical services and equipment for better care or in improved cybersecurity, many healthcare organisations opt to spend more on things that directly improve patient care. This not only increases the chances of data losses and breaches but makes it less likely such incidents will be discovered and fixed quickly.
Keeping healthcare data safe
Against this backdrop, how can IT departments at hospitals, insurance companies and similar organisations mitigate the security challenges of digital health?
For a start, healthcare organisations need to carefully monitor and guard all aspects of data privacy and security. That includes protecting physical records and devices from loss or theft, using multiple forms of digital security like two-factor authentication and encryption, and ensuring practices are compliance-driven to avoid the risk of fines and legal penalties.
It’s also vital to educate employees and partners about best practices in online and data security, teaching them to recognise phishing scams and other kinds of tricks that malicious actors can use to obtain passwords and access to computerised systems. As the analyst firm Gartner noted in a recent study, healthcare security has to be “a game of offense”.