A push for more efficient care and lower costs is driving rapid adoption of information technology in the medical field.
At the recent Healthcare Innovation Summit held in Johannesburg in October, speakers highlighted the potential for e-health to improve patient outcomes, peer-to-peer communication and institution-to-institution transmission of data. But there are significant risks, with speaker Chelesile Moya noting a lack of investment in cyber security in healthcare and vulnerabilities in existing technology.
This is a global problem. Healthcare organisations face two major kinds of IT risk.
- The first is cyber-attacks like viruses, malware and ransomware that can spread through an organisation in hours, costing millions and potentially putting lives at risk.
- The second is the release of sensitive patient information, leading to damaged reputations and potential legal liability.
Outdated Medical IT Systems Are Vulnerable To Hacking
As a recent article in The Verge noted, many hospitals, medical centres and doctor’s surgeries are filled with legacy IT equipment. Often these are running old versions of operating systems that haven’t been patched or updated. This is a disaster waiting to happen, as the UK’s National Health Service found in 2017 when it was hit by the WannaCry ransomware attack.
Ransomware is software that encrypts files and locks users out of their own computers, then demands payment in untraceable digital currency. Often such software exploits security loopholes in operating systems like Windows, so software makers regularly release patches and updates. But if the updates haven’t been installed, the computer is open to attack.
In WannaCry and many other cases, attacks started when a single user clicked on an email attachment, unleashing the malware into their own computer and the network it was attached to. At the NHS, the WannaCry attack led to some major hospitals being disrupted for weeks, with appointments and operations cancelled and some hospitals shutting their entire networks down.
IT Risk Assessments – A Vital eHealth Practice
The WannaCry incident was a wake-up call for healthcare organizations. They just can’t afford to ignore basic IT security practices such as keeping operating systems and antivirus software up to date. Regular IT risk assessments to uncover and fix vulnerabilities are non-negotiable. At one public sector organization we assessed, we discovered among many other problems.
Fortunately, the problem is easy to fix – and the costs are a tiny fraction of what could be lost when (not if) things go wrong.
Secure Patient Records And Sensitive Data
As several speakers at the Healthcare Innovation Summit pointed out, including Dr Nomafrench Mbombo from the Western Cape Department of Health, electronic health records have major advantages. Being able to share patient records between doctors, nurses, pharmacists and insurance companies can improve patient care. There may be less chance of missing information about allergies or existing medications, for example, and mobile healthcare apps like Vula can help patients in remote areas to access care from top specialists.
None of these advantages can be fully optimised if they are constantly open to the risk of a sensitive data breach. Patient records are just that – very sensitive personal date – yet many healthcare organisations are not taking serious care to make sure their IT health systems protect patients.
Consider this:
- What happens if a doctor’s laptop gets stolen?
- Can patient information be emailed out of the organisation or uploaded to Dropbox?
- How easy is it for unauthorised users to get access to medical data?
- General human error “opening holes” in IT systems. Most data privacy breaches were triggered by employee mistakes or unauthorised disclosures, according to research published in JAMA Internal Medicine.
Now consider how simple the solution is: Implementing data protection and compliance solutions such as Galaxkey protect information wherever it is stored. Galaxkey encrypts emails and documents to prevent unauthorised access, is easy to install and – crucially in busy healthcare settings – it’s easy to use.
Therefore, the good news is that while the security risks to e-health are real, it’s also relatively easy to protect against them. We start with a security audit, identify your specific IT security weak points, provide you with the most applicable solution and assist you with the implementation to give your patients and staff peace of mind.
