Abstract
In the current era of medicine, most healthcare data is recorded, stored, and transferred online using cloud-based management systems, which are shared among healthcare providers and patients through secured login credentials. Patients can now quickly access their health profile and lab results using mobile apps run by hospitals. Though the process appears easy, the security of the data saved in the healthcare system is still questionable, and there are many chances for a data breach.
Background
It’s time for us to look inside the software systems that hold hospital data and work out how to keep that data secure, given the number of incidents in which hackers have been able to retrieve secured details easily, and given that we can’t go back to the old paper file system.
In a recent report in June 2021, Wolfe Eye Clinic encountered data breaches in network environments and independent IT security systems. The forensic investigation concluded that the cyber attackers accessed and exfiltrated the data of current and former patients. The stolen protected health information included names, addresses, birth dates, Social Security numbers, and medical and health information. Such events have also occurred at big pharma giants: at CVS Pharmacy, 1 billion search results were exposed, mostly about medications and COVID vaccination records. There has been a 39% increase since March in healthcare data breaches reported to the HHS’ Office for Civil Rights. There was a large geographical spread of data breaches, all around 30 states in the USA.
Reasons for the data breach:
Many of the reported breaches occurred at business associates of HIPAA-covered entities, which in turn affects their healthcare clients. The most common location of breached protected health information (PHI) was network servers, due to ransomware attacks or other malware infections. Email accounts were the second most common location of breached PHI, compromised through responses to phishing emails. A new study shows that 83% of hospital infrastructure is running outdated software, which puts it at considerable risk of cyber-attack. Many medical devices are still running on Windows XP operating systems, which are no longer supported by Microsoft, which means vulnerabilities go unfixed.
How to control these incidents?
Medical record systems and medical devices should be password-protected and secured with a security system. All of the devices and systems on the hospital networks should be restricted to communication with one server only, to limit hackers’ opportunities to get into hospital networks. Another way to protect data would be to use a new standard of protection and to apply the latest updates provided by the software developers. The new standard, known as Fast Healthcare Interoperability Resources (FHIR), would allow for encrypted communications inside hospital networks. The UCSD researchers also suggest that hospital IT staff should be trained on cybersecurity issues and trained to enable defenses against potential attacks. According to the researchers, cybersecurity should also be part of the FDA approval process for healthcare devices, and manufacturers would benefit from using the newest and most secure operating systems to meet cybersecurity needs.
“Working together, we can raise awareness of security vulnerabilities that have the potential to impact patient care and then develop solutions to remediate them,” Tully said.