Just How Safe is Your Healthcare Data?

by Laura Clemons | Feb 21, 2017

We’re in the age of the electronic health record.

But we’re also in the age of cyberattacks, hackers and ransomware.

It seems like a scary world out there for those in healthcare IT. However, in their opening keynote address at the 20th Annual Healthcare Internet Conference, the two presenters tried to alleviate some fears.

Jon Russell, Vice President and Associate CIO at John Muir Health, kicked off the presentation by sharing some mind-blowing stats:

  • In 2008, 9 percent of hospitals had EMRs. Now, 96 percent do.
  • 42 percent of hospitals are using digital health technology to reach patients.
  • 95 million Americans use mobile phones as health tools.

He acknowledged that protecting healthcare data is a big challenge.

“It’s difficult because IT infrastructures are built over time,” Russell says. “Old technology and devices can’t be patched. And you know what they say…you’re only as strong as your weakest link.”

Tim Eades, CEO of vArmour, explained why healthcare data is so valuable for hackers.

“The most valuable thing you have is your healthcare record,” Eades says. “It’s your center of gravity — your blood type, your DNA, all of that. I could buy your social security number for $1. But healthcare records are special because that’s what hackers want the most. Healthcare is in a vulnerable state. And a lot of times, you don’t have the IT to secure it.”

The statistics that Eades shared were startling:

  • Data breaches in healthcare totaled more than 112 million records in 2015.
  • Hospitals are hit with 88 percent of all ransomware attacks.
  • In 93 percent of all data breaches, it only took hackers minutes or less to compromise the system.

Eades said that hosting information in multiple clouds — and moving away from storing information in physical places — was an important step. He also recommended segmenting data for an extra layer of protection.

One slide showed a few questions marketers could raise with their IT team and CIO. Let’s take a look:

  1. What are our most critical and/or regulated workloads and applications?
  2. Where and how are these critical systems connected?
  3. How have we separated and segmented the network?
  4. How does this segmentation protect our critical applications and data?
  5. How do these controls reduce the opportunity for an attacker to move laterally through our environment?

One attendee asked how he could protect his own healthcare information.

“Make sure your record is with the right hospital,” Russell says. “It’s only as good as the controls around it. You’re at the mercy of the organization.” 
