CHIME Puts Focus On Cybersecurity
By Megan Williams, contributing writer
Hospital CIOs continue to take on the task of ramping up security measures to protect their institutions against the increasing threat of cybercrime.
Taking the lead, the College of Healthcare Information Management Executives (CHIME) in conjunction with the Healthcare Information Management Systems Society (HIMSS) and the Association For Executives In Health Information Security (AEHIS) held a briefing on October 6 titled, “Cybersecurity in Healthcare: The Growing Challenge of Securing Patient Data.”
According to CHIME, “With healthcare now a prime target, it is imperative that industry leaders and government officials work in tandem to minimize the risk of a cyberattack, something that President Obama acknowledged when he designated October National Cyber Security Awareness Month.”
The event targeted leaders across the industry and highlighted patient data protection efforts: “In comments last year on the federal government’s Cybersecurity Framework, which applied to multiple critical industries, CHIME pointed out that healthcare has some distinctive characteristics. These include healthcare’s regulatory environment; the various settings from which care is delivered; the varied resources of small, rural and critical access hospitals; the need to identify financial incentives for investment; and the need to craft policies that do not inhibit health information exchange and mobile health. As a result, CHIME believes that the federal government should work with healthcare stakeholders to develop industry-specific standards for protecting health information from cyber criminals.”
A Partial Solution
Still, most experts believe that cybersecurity is only part of the healthcare information security answer. According to Becker’s Hospital Review, internal threats need to be addressed with the same urgency as external ones.
Insider activity is a growing threat with 45 percent of federal IT agencies reporting being targeted by an insider threat within the last 12 months. Of those targeted, 29 percent lost data as a result of the incident. Amit Kulkarni, CEO of Secure Healing relates the state of the healthcare to an egg: “You normally have a hard shell on the outside. Your typical firewall, intrusion detection system, proxy servers. That's essentially the outer hard shell. What's on the inside? Once you have an employee authorization — whether you are a nurse, physician, technician, someone from IT, a social worker or a volunteer — you pretty much have unrestricted access to any and all patients’ medical records. It’s all gravy.”
Many of these issues are multiplied by the implementation of interoperability standards, since threat actors are granted information across a wider range of platforms.
Organizations will need to consider continuous employee training and consequences against the misuse of protected health information (PHI) if they want to have any real hope of blocking insider threats as technology in healthcare continues to develop.