The challenges healthcare CIOs and CTOs face are mounting as data breaches occur with increasing frequency. Keeping business-critical data secure is becoming progressively complex. Balancing the need for top IT talent, managing the systems and enforcing the policies required for regulatory compliance, and just staying on top of internal and external threat levels are all top concerns for today’s healthcare IT professionals. So what’s keeping them up at night? Let’s explore that—you may find it surprising.
Security as a concern for healthcare IT leaders isn’t uncommon. In fact, a recent survey by SunGard Availability Services found that it’s the top concern facing healthcare CIOs and CTOs today. As you can see from the data below, most of the respondents to the early-2015 study pointed to internal threats as the primary concern:
- 62 percent said their main security concern was employees leaving smartphones or laptops in vulnerable places.
- 59 percent said they were concerned about password sharing.
- About half said security planning should undergo no budget cuts this year.
While those in the trenches are indeed concerned about internal threats, it’s valuable to note that others examining the big-picture market have made a case for the opposite. The Ponemon Institute released a study showing the root cause of data breaches has shifted for the first time, from accidental data loss to intentional, criminal attacks. Compared to five years ago (when lost laptops were the biggest threats), the number of healthcare data breaches has risen by 125 percent. According to the study, cybercriminals now realize the value electronic protected health information (ePHI) holds on the black market. This reality, combined with increased usage of cloud services and related third-party vendors, has created new opportunities for hackers to target ePHI.
Whether they’re most concerned about security breaches originating internally or externally, the fact of the matter is clear: Data protection is paramount, and CIOs and CTOs know it.
Regulatory compliance is another stressor for leaders in healthcare IT today. Furthermore, it is often the case that these businesses are subject to a variety of compliance frameworks – even those falling outside of their industry. Privacy and security measures are regularly being updated and enacted (think SOX, PCI, and HIPAA), and the penalty for non-compliance with any one of them can be devastating—legally, financially and reputationally. Because of this, CIOs and CTOs must remain on top of the current regulations to make sure their security measures meet—or, better yet, exceed—the standards. (In today’s world, compliance alone is not enough.)
While the overall mindset of the healthcare CIO is slowly changing from troubleshooting to big-picture business decision making, one fact remains: when bad things happen in IT, somebody has to fix it. And fix it quickly. It’s logical for these healthcare leaders to be concerned about testing the best methods for handling disasters (like security breaches, weather events, etc.).
Downtime came in second (behind security) on Sungard’s list of top CIO concerns. Forty-two percent of respondents said their disaster recovery itineraries are vital, with many going so far as to say that the potential reputational damage far outweighs the financial cost of services that maintain continuity when downtime threatens, meaning those services are certainly worth it.
In addition to security issues, CIOs and CTOs also report concern about the implications of big data, the best way to acquire the right talent, and how to control IT budgets in today’s widening tech marketplace. However, even with all these other concerns, the threat of security failures seems to reign supreme. Many use security solutions to fortify their networks (especially when working with ePHI and HIPAA protected content), including:
- Network firewalls
- Encrypted storage
- Malware protection
- File integrity monitoring
- Two-factor authentication
- Log management
- Intrusion detection and prevention
Navigating today’s ever-changing tech landscape can be difficult for any security-minded businessperson, as threats abound and hackers continue to innovate. Heightened security is especially imperative for those in the healthcare IT world, though, due to the sensitivity and sheer volume of data that changes hands and crosses applications. Understanding the risks is important, and taking action now can help prevent (or at least minimize the damage caused by) future incidents.
Image credits: StockSnap.io