IT Can Lower Healthcare Costs – But What About Security?

A push for more efficient care and lower costs is driving rapid adoption of information technology in the medical field.

At the recent Healthcare Innovation Summit held in Johannesburg in October, speakers highlighted the potential for e-health to improve patient outcomes, peer-to-peer communication and institution-to-institution transmission of data. But there are significant risks, with speaker Chelesile Moya noting a lack of investment in cyber security in healthcare and vulnerabilities in existing technology.

This is a global problem. Healthcare organisations face two major kinds of IT risk.

  • The first is cyber-attacks like viruses, malware and ransomware that can spread through an organisation in hours, costing millions and potentially putting lives at risk.
  • The second is the release of sensitive patient information, leading to damaged reputations and potential legal liability.

Outdated Medical IT Systems Are Vulnerable To Hacking

As a recent article in The Verge noted, many hospitals, medical centres and doctor’s surgeries are filled with legacy IT equipment. Often these are running old versions of operating systems that haven’t been patched or updated. This is a disaster waiting to happen, as the UK’s National Health Service found in 2017 when it was hit by the WannaCry ransomware attack.

Ransomware is software that encrypts files and locks users out of their own computers, then demands payment in untraceable digital currency. Often such software exploits security loopholes in operating systems like Windows, so software makers regularly release patches and updates. But if the updates haven’t been installed, the computer is open to attack.

In WannaCry and many other cases, attacks started when a single user clicked on an email attachment, unleashing the malware into their own computer and the network it was attached to. At the NHS, the WannaCry attack led to some major hospitals being disrupted for weeks, with appointments and operations cancelled and some hospitals shutting their entire networks down.

IT Risk Assessments – A Vital eHealth Practice

The WannaCry incident was a wake-up call for healthcare organizations. They just can’t afford to ignore basic IT security practices such as keeping operating systems and antivirus software up to date. Regular IT risk assessments to uncover and fix vulnerabilities are non-negotiable. At one public sector organization we assessed, we discovered among many other problems.

Fortunately, the problem is easy to fix – and the costs are a tiny fraction of what could be lost when (not if) things go wrong.

Secure Patient Records And Sensitive Data

As several speakers at the Healthcare Innovation Summit pointed out, including Dr Nomafrench Mbombo from the Western Cape Department of Health, electronic health records have major advantages. Being able to share patient records between doctors, nurses, pharmacists and insurance companies can improve patient care. There may be less chance of missing information about allergies or existing medications, for example, and mobile healthcare apps like Vula can help patients in remote areas to access care from top specialists.

None of these advantages can be fully optimised if they are constantly open to the risk of a sensitive data breach. Patient records are just that – very sensitive personal date – yet many healthcare organisations are not taking serious care to make sure their IT health systems protect patients.

Consider this:

  • What happens if a doctor’s laptop gets stolen?
  • Can patient information be emailed out of the organisation or uploaded to Dropbox?
  • How easy is it for unauthorised users to get access to medical data?
  • General human error “opening holes” in IT systems. Most data privacy breaches were triggered by employee mistakes or unauthorised disclosures, according to research published in JAMA Internal Medicine.

Now consider how simple the solution is: Implementing data protection and compliance solutions such as Galaxkey protect information wherever it is stored. Galaxkey encrypts emails and documents to prevent unauthorised access, is easy to install and – crucially in busy healthcare settings – it’s easy to use.

Therefore, the good news is that while the security risks to e-health are real, it’s also relatively easy to protect against them. We start with a security audit, identify your specific IT security weak points, provide you with the most applicable solution and assist you with the implementation to give your patients and staff peace of mind.

Supply Chain Threat Detection

Cyber criminals have upped their game, so should you. We never underestimate or ignore your supply chain's security threats.

Security Operations Center

Financial losses, intellectual property theft, and reputational damage due to security breaches can be prevented.

SOC Assurance Service

Despite a mature Security Operations Center, you're still under threat. Our SOC Assurance mitigates the risk of unnoticed breaches.

Emergency Cyber Response

Regain immediate control, contain the damage, and eradicate the threat. Your bullet-proof, SOS rapid response.

Agentless Network Segmentation

Rely less on vulnerability management and rest assured that the threat won’t spread across your network.

Cyber Risk Assessment

Understand how vulnerable you are. We identify your threat sources and calculate your risks – likelihood and impact.

Endpoint Detection and Response

This solution is for customers that do not have extensive security budgets or staffing to implement and monitor an endpoint security solution.

Irregular Behavior Detection

Companies focus heavily on malicious outsider mitigation, while the biggest threat lies with those who already have access.

Penetration Testing Services

A penetration test is arguably the most important part of any cybersecurity journey, it tests an organization’s ‘final line of defense’ against attackers.

Security Awareness Training & Testing

With cybersecurity awareness training, the risk of human error can be reduced, turning human error into a human firewall.

Insights

360 Security
Must Know Cyber
Security Services

Resources

WEBINARS
MEDIA
SON OF A BREACH
CASE STUDIES
USE CASES

Cyber Security Services

Supply Chain Thread Detection
Security Operations Center
SOC Assurance Service
Emergency Cyber Response
Agentless Network Segmentation
Cyber Risk Assessment

Supporting Cyber Security Services

Endpoint Detection and Response
Irregular Behavior Detection
Penetration Testing
Security Awareness Training and Testing

Related Posts

Cyberattack Emergency

Are you experiencing an active cyberattack?

Get rapid response.

Call ENHALO’s International SOS no:
For Other Inquiries: