Health IT

When it comes to cybersecurity, why is healthcare so behind?

During a recent webinar hosted by the Center for Connected Medicine, three thought leaders discussed why healthcare is lagging behind in terms of cybersecurity initiatives.

cybersecurity, security, data breach, breach

“Cybersecurity” seems to have become one of the most popular words in the modern day lexicon. And its pervasiveness is only growing, especially in the healthcare industry.

During a webinar hosted by the Pittsburgh, Pennsylvania-based Center for Connected Medicine, three experts shared their thoughts on how organizations can respond to cyberthreats.

It’s undeniable that hospitals and health systems are increasingly becoming victims of cyberattacks. “Healthcare providers are attractive and lucrative targets,” said Rob Marson, Nokia’s head of business strategy, security and IoT.

But compared to other industries facing cybersecurity issues, healthcare is slow-moving.

“As a healthcare industry, we are a bit behind the times,” Garrett Hall, a research director at KLAS, said during the webinar.

Hall attributed this sluggishness to other priorities that have taken the forefront in healthcare, such as new EHR installations and population health initiatives. “That has pushed cybersecurity to the back burner a bit,” he added. “The bad news is we are behind, but the good news is I think we’re catching up.”

Despite improving slightly, healthcare organizations have to stay on top of keeping their security measures in check. Organizations “that feel they are in a good place with their security program are the ones that do an annual external risk assessment,” Hall said. It’s crucial to conduct such assessments on a yearly basis, Hall noted, because of the evolving nature of cyberattacks.

Rather than being reactive about their security efforts, hospitals must strive to be proactive when it comes to protecting their valuable data. And the data is indeed precious — gaining access to protected health information means big money for hackers.

“Healthcare data is both accidental and intentional targets of attacks,” Beth Musumeci, vice president of cybersecurity for GE Healthcare, said.

Musumeci pointed out numerous actions for hospitals and health systems to keep in mind as they work to safeguard patient data. The first is that compliance doesn’t necessarily equal security. “Understand that criminals will take the trouble to understand your network as well as they can,” she said. Additionally, organizations should ensure they have an emergency response plan and work to make cybersecurity part of their culture.

There isn’t a one-size-fits-all recipe for securing every hospital’s network. But Musumeci closed her portion of the webinar on a positive note. “Most importantly, don’t give up,” she said. “The problem isn’t as overwhelming as it seems. The cybersecurity challenge for healthcare is not insurmountable.”

Photo: roshi11, Getty Images

Shares0
Shares0