Cyberattacks, data breaches, and hacking are key concerns for healthcare executives and a growing problem in the industry. A recent report showed that data breaches were up in 2018, with 503 incidents impacting almost 15.1 million patient records, compared to 477 breaches impacting 5.6 million records in 2017.¹ As hackers get more sophisticated, hospitals need to be increasingly vigilant about their healthcare IT and cybersecurity practices.
Healthcare data security is about more than just regulatory compliance: it needs to be central to a hospital’s ‘patient first’ focus, as it’s critical in maintaining consumer trust and organizational health.
As anyone who has ever had their financial data stolen can attest, it can be a frustrating, costly, and time-consuming issue to correct. Credit card numbers must be changed, false charges corrected, and checks blocked. But unlike financial data, medical data cannot be corrected. Medical data is personal and can’t be changed or “wiped clean” – once the information is breached, the damage is done. Identity theft, insurance fraud, and extortion are all possibilities after a healthcare data breach, especially when you consider the medical information of CEOs, public figures, and other individuals are key targets for hackers on the black market.
For hospitals or other healthcare systems, a breach can be financially devastating long-term, too. The service interruptions and potential HIPAA fines sting upfront, but lack of consumer confidence driving patients elsewhere could mean lost revenue for years to come. Overcoming a serious data breach requires extensive image and trust rebuilding in a community, usually in the form of a massive and expensive PR campaign. For these reasons, most hospitals already understand the significant risks involved when handling patient health information – a recent HIMSS survey showed that cybersecurity, privacy, and security are top concerns in healthcare.²
Unfortunately, concern about data security doesn’t always lead to action.
Despite data security growing in importance, a 2017 Black Book Market Research survey showed that only 15% of organizations reported having a chief information security officer.³ Given the enormous amount of private information hospitals have access to, high employee turnover rates, and the lack of IT leadership, this only adds to the unique challenges healthcare organizations face when implementing cybersecurity measures – many driven by the large number of systems and software vendors that every hospital uses to coordinate care and manage their business.
The sheer number of disparate IT systems used in healthcare is perhaps unrivaled in any other industry. Every system, every vendor, every connection, and every employee with access and responsibility for transferring sensitive data is a cybersecurity risk. That’s because EMRs and other healthcare interfaces weren’t built to share data – they were built as fortresses to protect the data of patients and to make sure that data was available only within the walls of that system.
“The ‘walled fortress’ approach to security no longer works,” says Olive Chief Product Officer David Landreman. “Keeping all data within your physical facility is not the end-all of protecting your data, it doesn’t account for human negligence, and it doesn’t make up for a comprehensive approach to security.”
Instead, data must be exchanged seamlessly and securely in order for healthcare organizations to provide better care to people globally, and this can only be achieved through technology.
Technology vendors should be an area of scrutiny for healthcare organizations looking to mitigate risk.
Implementing data protection strategies and vetting technology vendors thoroughly will enable healthcare organizations to meet regulations and share critical patient data more securely. To limit risk and improve overall IT security strategy, hospitals should perform a security assessment of the vendors they currently use to understand their risk. Every new vendor selection process should weigh security concerns heavily in the evaluation criteria – begin this security evaluation early to ensure your solutions are built with the complexities of your organization in mind.
What happens when a hospital conducts a security assessment and finds that a vendor isn’t measuring up? Hospitals have two real options: put pressure on the company to improve security or switch vendors. As anyone who has switched vendors or implemented new software knows, neither are an easy task. Possible contract cancellation fees, time spent evaluating new solutions, resources spent on re-training employees on new software – it all adds up.
And what’s the incentive for current vendors to improve security practices if only 10% of their customer base, for instance, needs those security updates – does the cost of potentially losing customers outweigh the cost of upgrading cybersecurity? As mentioned before, switching vendors can be cost-prohibitive, leading many hospitals to stay with current vendors with only vague promises or extended timelines for upgraded security.
Working exclusively with healthcare-specific vendors reduces risk.
When new regulations come out, new medical devices emerge, and new threats develop in healthcare, hospitals need partners that understand their industry-specific needs. Healthcare-only vendors understand the unique challenges facing the industry and will be better positioned to address organizations’ changing needs – especially those around cybersecurity.
That’s why at Olive, we’re healthcare first, and healthcare only.
Unlike other AI solutions on the market, Olive uses her healthcare-specific skills to address common bottlenecks when it comes to automating workflows – most importantly, she does it with unrivaled security measures built for healthcare, working seamlessly within common industry processes and your current IT infrastructure. Instead of adding to your tech stack, Olive helps you run the tools you already have in place more efficiently, handling sensitive data without compromising security, helping to mitigate hospitals’ risk.
Olive was built from the ground up with the complexities of healthcare data in mind, working seamlessly with the security controls and practices healthcare organizations already have without compromising sensitive health information. We believe industry regulations like HIPAA privacy rules, SOC2 compliance and other bot-related compliance issues should be the least of your team’s worries – we want them focused on more human-like initiatives, like patient care.
Olive automates a variety of healthcare workflows with speed and ease because she was designed to interact with EMRs, insurance portals, and other healthcare applications the same way a human would – only faster, smarter, and more securely. And Olive’s capabilities around industry languages and standards were built specifically for healthcare – that means she’s experienced with HL7 standards (including FHIR), EDI X12 messaging, and more.
Are your current vendors providing the security your organization needs? Contact us today to learn more about how Olive can help your organization limit risk and improve your overall data security.