If you’re a healthcare CIO or CISO, you already know that cybercriminals are targeting protected health information (PHI). A recent report shows that stolen PHI can sell for as much as $1,000 per record on the Dark Web. The value of patient records has driven a surge of attacks targeting healthcare organizations. 2020 saw a 25% increase in healthcare data breaches, with more than 29 million records exposed. It’s no longer a question of if you will face a breach, but when.
I’ve had hundreds of conversations with healthcare CIOs and CISOs throughout my career, and one of the biggest challenges I’ve heard has to do with preventing PHI breaches. Despite massive spending on cybersecurity tools, organizations are still unable to protect patient data. This, in large part, is driven by the simple fact that the cybersecurity solutions available today are largely adopted from other industries and not designed to work within the complex clinical workflow of the modern healthcare provider. Said differently, conventional cybersecurity is most often designed to protect the infrastructure (i.e., perimeter, network, endpoints, or servers) rather than patient information deep within and across the clinical workflow.
During my time on the Health Care Industry Cybersecurity Task Force, we talked through this issue with protecting PHI in clinical workflow and the need for tools that give visibility into vulnerabilities that everyone knows exist but are extremely difficult to find. Most solutions focus on keeping threat actors out or defending the system (i.e., perimeter or network defenses), rather than identifying and managing the risk to PHI. The high degree of variability in the types of unstructured PHI content (e.g., discharge notes, consults, referrals, etc.) adds to the complexity and thoroughness required to better protect PHI.
Better protecting PHI requires better securing the clinical workflow itself, including the devices, applications and individuals that operate inside of it. The actions of clinicians, academic researchers, patients, administrators, and healthcare vendors create a broad range of data vulnerabilities that are hidden within the clinical workflow and outside the purview of existing cybersecurity solutions.
Source: Hitconsultant