From the January/February 2018 issue of HealthCare Business News magazine
HealthCare Business News recently spoke to Seana-Lee Hamilton, manager of information privacy and privacy officer at Fraser Health Authority, regarding cybersecurity and the need to maintain patient privacy and protect health care information.
HCB News: What are the major cybersecurity threats that health care organizations face right now?
From another literacy-level view, one of the biggest areas we can't control is phishing, and this is how many ransomware attacks and other items are originating. Employees must understand how phishing works and how their actions affect the network. A basic understanding starts with emphasizing that the service desk will never ask you for your user ID and password.
Health care is different and more vulnerable to cyber events because of the advanced technical tools utilized, including diagnostic and imaging tools, as well as biomedical equipment. For instance, our medical imaging equipment, our CT scanners and our MRI machines are all very advanced, technical units, and the technology involved affords a vulnerability, and thereby, must be strategically checked.
Health care organizations must have policies and assessments in place for patches and security upgrades for clinical information systems and EHRs. Security and privacy professionals must look at these systems and ensure all necessary security upgrades are complete.
These systems also introduce the insider threat to protecting patient data. Hospitals must know who is accessing patient data and why. Auditing patient data access is the only way to truly understand how patient data is being accessed, providing an opportunity to better protect that data. To get a true look at this data, technology must be implemented. We use Security Audit Manager from Iatric Systems to show us a clear picture of how patient data is being accessed, so we can properly address any issues.