Security in the medical industry refers to responsibilities and actions taken to ensure patient safety and keep businesses financially and information secure. This includes the prevention, reduction, reporting, and analysis of medical error that often leads to adverse effects and cybersecurity threats.
History
edit
Causes
edit
Security types
edit
Role of government
edit
International actions
edit
National actions
edit
Notable incidents
edit
Organizations
editOriginal content
editIn the world of patient and information security, a lot comes into play, thus teams play critical roles in tackling these issues from the beginning to keep businesses financially and information secure. From HealthTrust, a purchasing group based out of Nashville, Tennessee, looks to provide hospitals with nurses and doctors all over the states, “cybersecurity isn’t necessarily top priority for all manufacturers. It’s definitely on their radar”[1]. Which is part of the problem for companies providing the care for patients and the information security, as well as the device security. Frank Platt, an information security consultant based in Nashville, “If there’s a breach, and personal health information gets out, you’ve now got a serious HIPAA violation. That can mean huge fines and criminal penalties, even jail time.”
Companies and Hospitals have are open to many attacks with vulnerabilities of the likes of old operating systems like Windows XP, which no longer offers security updates, which many hospitals may still use to this day. In the year 2015, healthcare industry had a record number of data breaches. Sourced from HIPAAJournal.com “More then 113 million records were compromised in 2015 alone, 78.8 million of which were stolen in a single cyberattack[2].” This year alone had more records stolen then the previous 6 combined.
The healthcare idustry is a prime target for security flaws, and for any black hats wanting to cause harm or find some sort of financial gain from the breach. The “Health Insurance Portability and Accountability Act of 1996” was set in place for any of the breaches accounted for held personal information to patients, the orginzation and hospital would be held accountable for the data loss, and helped set a standard for data security. From American Hospital Association and CEO Rick Pollack, “Cyber threats are a major risk issue for hospitals and health systems. The AHA continues to recognize and prioritize this threat as a significant challenge for the field and has responded by creating the position of senior advisor for cybersecurity and risk. Hiring John Riggi, former FBI Cyber Executive and a nationally recognized expert for healthcare cybersecurity to fill that role and serve as a resource to advise and assist the field in mitigating the many cyber and physical risks they face.”[3]
Medical Device Security is another issue at hand within the hospitals and patients as far as the patients health could be concerned. Issued just last month, on the 27th, the FDA reported and security risk withing Medtronic MiniMed Insulin Pump[4]. These devices help regulated insulin to the patients with diabetes. FDA created a total recall on the device and specific models. Hackers looking to cause harm to patients with devices is a huge risk and lawsuit for the company as it’s only the FDA’s concern to give information to the public, all security concerns and breaches fall back on the company. With the risk of devices being hacked and control by unwanted persons, device security is and should be a primary concern from providers, especially for MedTronic’s 2017 year report which is said to have served seventy million patients.[5]
Citations
HealthTrust. “Cybersecurity and Medical Devices - HealthTrust - Performance Improvement For Healthcare.” HealthTrust, HealthTrust Workforce Solutions, 1 Mar. 2017, healthtrustpg.com/healthcare-innovation/cybersecurity-and-medical-devices/
“News and Articles about HIPAA.” HIPAA Journal, HIPAA, www.hipaajournal.com/.
“Protecting Your Privacy & Security.” HealthIT.gov, U.S Government, www.healthit.gov/topic/protecting-your-privacy-security.
Center for Devices and Radiological Health. “Cybersecurity.” U.S. Food and Drug Administration, FDA, www.fda.gov/medical-devices/digital-health/cybersecurity.
AHA. “Cybersecurity and Risk Advisory Services: AHA.” American Hospital Association, www.aha.org/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services.
Medtronic.--”Sustainability-Reports.”--Medtronic, www.medtronic.com/us-en/about/citizenship/integrated-performance-reports.html. FY2017 Integrated Performance Report
- ^ HealthTrust (2015-04-14). "Cybersecurity and Medical Devices". HealthTrust - Performance Improvement For Healthcare. Retrieved 2019-07-11.
- ^ "Healthcare Cybersecurity". HIPAA Journal. Retrieved 2019-07-11.
- ^ "Cybersecurity and Risk Advisory Services | AHA". American Hospital Association. Retrieved 2019-07-11.
- ^ Health, Center for Devices and Radiological (2019-06-27). "Cybersecurity". FDA.
- ^ https://www.medtronic.com/content/dam/medtronic-com/global/Corporate/Documents/integrated-performance-report.pdf