JANUARY EDITION

The Cybersecurity of Patient Information Systems Today and Tomorrow


SmartGroup™ At-a-glance

EXECUTIVE SUMMARY

As hackers become more sophisticated social engineering, employees and unsecure medical devices have an impact on the security of patient data. Blockchain, AI, and cloud technology play a role. Response to data protection has been positive; new prevention technologies are having a positive impact.

Data should be protected. Security strategies such as authentication, encryption, and access management must be implemented to ensure patient data security. Data belongs to the individual.

Social engineering and employees are the weakest link, contributing to most attacks; continuing to improve cybersecurity awareness is crucial and needs to be specific for issues within the field.

Understanding the Zero Trust Network concept and the risks involved with medical devices is an important element in keeping patient data secure. Current vulnerabilities are being addressed.

Regulatory policies help to minimize threats. Audits will become the norm as companies must meet compliance standards. Employees will remain the biggest cybersecurity threat within organizations.

ACTIVITY

93 Days

24 Panelists (20 New)

Posts: 27

Comments: 82

New Followers: 14

109

CONTRIBUTIONS

PANELISTS

MAP

What are the biggest innovations impacting the security of patient records today?

Higher
Significance of Impact
Lower
Lower
Potential Impact
Higher
Click a circle to see details
 
 
 
 
 
 
 
 
 
 

01 . Employee Security Training and Awareness

02 . local digital or paper Back-up system

03 . Everyone's Responsibility

04 . Zero Trust Networks

05 . Security Budget for Security Controls and Programs

06 . ID the Care Team

07 . Modern Security Practices for Securing Patient I.S

08 . SETA Programs

09 . Investing more to secure and innovate.

10 . Cloud services

TOP POINTS

01 . Employee Security Training and Awareness

Jim Harbert - 4.45 (33 ratings)

Systems Administrator

Comments: 12

Quality: 4.43 (7 ratings)

Y/X Polarity: Low / Low

Employees are the weakest link in any security system for any organization. Employee security training is not a new innovation, but there has been an increase in the amount and type of employee training.

02 . local digital or paper Back-up system

Atefeh Samadi-niya - 4.45 (67 ratings)

President and CEO & MD, DHA (PhD), FACHE

Comments: 1

Quality: 5.00 (1 ratings)

Y/X Polarity: Low / Low

One of the most important benefits of Electronic Medical Systems and cloud-based information is their availability all the time but what if the system is down and the IT team is updating their applications and the hospital computer outlets does not have access to the cloud and internet? What if the patient comes to the ER and the staff do not have access to the EMRs? This happened to some staff before when an IT administrator changed the password of the system and forgot to let staff know.

Therefore, while considering these great cloud and online storage ideas, the healthcare system and each hospital and clinic should still keep the original guidelines, reference manuals, the blank patients charts, and the prescription pads in their own facilities for the occasions that the cloud or online applications are not available. The senior staff should be able to locate the information on a very local computer that does not even have to be connected to the internet. Everything necessary for a daily operation should be saved and stored on a local computer or a server and the information could be retrievable for the future use in that case it is needed.

Physicians can still write their prescriptions on the pads and they can record patient information on the charts so they can be transferred to the electronic medical records later.

03 . Everyone's Responsibility

Tony Cowan - 4.63 (59 ratings)

Senior Biomedical Engineer (Medical IT) at Queensland Health

Comments: 2

Quality: 5.00 (2 ratings)

Y/X Polarity: Low / Low

Many clinicians select devices and software to connect to the network based on functionality and neglect the vulnerability of the products. These clinicians need to be made aware of these vulnerabilities at the time of purchase. CyberSecurity are rarely consulted in the purchase of these devices, but have to manage the fallout. Although almost any device can be made secure, it requires much more planning and infrastructure to isolate.and manage.

Regulators are now requiring medical device manufacturer's to produce cybersecurity documentation displaying just how vulnerable some of these devices are. No matter how good the device functions, once it has been hacked, these devices can be rendered useless along with it's data and make the rest of its trusted network vulnerable.

There is no silver bullet for CyberSecurity. It is multifaceted and requires everyone to play a part to make their Healthcare organization secure.