Last we met, dear readers, I relayed some of my post-HiMSS 2015 reflections on the issue of patient engagement – which was quite a big topic in Chicago. But there was another issue at HiMSS vying for top billing: healthcare IT security.
Not a surprise, really – from my perspective anyway. Going into HiMSS, I posted a brief series of blogs about the impact of healthcare IT security focusing on systematic prevention, mergers and acquisitions, and security challenges facing teaching hospitals. Speaking with RES customers, it’s quite clear that security is a top-of-mind issue for healthcare IT teams everywhere.
If you need more convincing, take a look at the running tally of breaches maintained by the US Department of Health and Human Services. On last check, it listed 1,219 breeches going back to 2009. That’s equal to a major security breach every other day. No wonder that when it comes to security breaches, many health systems have an attitude of “not if but when.”
Healthcare Is the New Retail
We’ve all heard about the data security problems at retailers like Target, Neiman Marcus, and Home Depot. But when it comes to the future of hacking and security breaches, healthcare is the new retail. The fact is, health systems have been comparatively slow to the IT table and the hackers with criminal intent know it. According to a report by the Ponemon Institute, “Criminal attacks on healthcare organizations are up 125 percent compared to five years ago.”
This isn’t exactly a surprise – which is why it was such a meaty topic at HiMSS. What does count as news, however, is what health systems are doing to address the problem.
Every Little Bit Helps
When we think of security, we typically think of firewalls, encryption, malware detection, and so on. Of course, most health systems out there are already deeply involved with these technologies (and if they’re not, they need to get going fast). The elephant in the room is that despite these technologies, breaches are still happening.
But what if you started with an IT system backbone that is designed to minimize the impact of potential breaches by preventing the spread of malware, spyware, viruses, and so on with a ground-up approach to secure data access? This is what we’re advocating at RES – and many of our customers are finding success.
For example, built in our solution is context aware technology that automatically prevents users without the proper role, profile, and location from gaining access to restricted data. We also offer the capability for whitelisting and blacklisting apps that block entry for listed IP addresses, entities and individuals. Our automated on-boarding and off-boarding technology, not only speeds the enablement of new employees and associates but also removes their access the instant they resign and move on to another organization or another role (a problem that is bigger than many may think). Our technology also allows clinicians to do their jobs anywhere or any authorized device while, again, preventing those without permissions from gaining unauthorized access.
Think of RES as an added layer of security that complements your efforts on the perimeter and elsewhere.