The rapid advancement of technology has inspired hope in the healthcare industry, promising to employ artificial intelligence (AI) and cloud-based data platforms in life-altering ways. Surgery assisting robots and miraculously accurate AI-based cancer diagnosis methods are a few preliminary examples of what the industry can expect. With all these great technological strides being taken, however, compliance can easily be left in the dust. And with COVID-19 pushing the limits of healthcare systems worldwide, it’s too easy for cybersecurity to become a lesser priority.
The situation is bleak, with nearly 17,000 patient records being breached every day, according to Entech. Healthcare democratization is essential to fully harnessing the power of AI and other tech advancements on the horizon, which require compliant data distribution and the application of insights gathered from it. Healthcare institutions are struggling to not only meet basic privacy and compliance laws but have difficulty leveraging the large amounts of data that they store in a meaningful way.
This kind of data turbulence isn’t entirely unexpected. Personal Health Information (PHI) is highly valuable, and unlike credit card information or other forms of PII, it does not change. This information is coveted by malicious actors who seek to profit off vulnerable healthcare networks housing massive amounts of PHI without the proper infrastructure to secure it. HIPAA regulations have been set in place to both counteract these threats and preserve patient privacy rights. Although practitioners are attempting to democratize, they are doing so at the cost of compliance, and ultimately, security, with 51% of healthcare providers scored as being “non-compliant with HIPAA Rights of Access—or else needed ‘significant intervention to become compliant’” in a recent survey.
What the healthcare industry is experiencing is an unfortunate, yet avoidable set of challenges that arise when phasing out of legacy network systems and implementing more efficient, cloud-based storage and data exchange solutions. The industry is massive, with countless patient records, established practices, and differing expectations that require data transfer platforms to not only be more secure than ever, but incredibly customized and unique. Understanding this process is top priority when attempting to successfully democratize healthcare, and where unfortunately many are failing. 47% of healthcare practitioners are not confident in their ability to keep data secure, yet the vast majority (91%) are relying on cloud-based services. This shallow risk mitigation posture problem is rooted in a lack of customization and smooth integration when transferring to the cloud.
Securely transferring highly sensitive data doesn’t have to be complicated. Rather, it can connect proper healthcare collaborators, organizations, and individuals to one another in a breach-proof fashion. For example, the ground-breaking discoveries made by the Human Genome Project, an initiative of 13 years, have provided unprecedented insight into the intricacies of genetic disorders and the likelihood of someone having a hereditary disease. This information is not only highly sensitive and valuable but presents healthcare providers with previously unavailable indicators for why a patient may be experiencing certain symptoms. Efficiently using this information, however, requires an easy to use system that both IT professionals and healthcare practitioners can understand.
One example is that of a company that seeks to provide employee benefits covering genomic-based healthcare programs typically not covered by health insurance. In order to transfer this information securely, the network connection for external users and the data encryption tools both required complete reconfiguration, as they were difficult to administer and manage due to internal unfamiliarity with the tools themselves and no access to technical support when needed. This was the point at which customized evaluation was of utmost importance — taking into account the company’s lack of a complete IT team and the need for secure employee access. To resolve this, a simple, highly automated, HIPAA-compliant tool with built-in encryption and a secure external connection was used to streamline this outdated legacy system. This provided the complex automation required for sequential file transfers while protecting critical files containing PHI.
The healthcare industry is continuing to expand — health-related costs are expected to increase this year according to PWC, with Coronavirus demonstrating the often-overlooked importance of reliable healthcare infrastructure. Phishing and spam attacks have drastically spiked during this global pandemic, with the full fallout of these security breaches remaining unknown or undetected until COVID-19 passes. Easy, yet secure access to PHI could potentially mean the difference between life or death. Without it, hospitals, clinics, research institutions, healthcare practitioners, and ultimately, patients can easily fall prey to malicious cyberattacks that can largely be avoided with the proper network security and file transfer platforms.
About Roberto Ramon Garcia
Roberto Ramon Garcia serves as Vice President of Product Strategy & Engineering at San Antonio-based GlobalSCAPE. As Globalscape’s VP of Product Strategy and Engineering, Garcia is responsible for strategic and tactical product planning and the entire product life cycle for Globalscape products.
Previously, Garcia served as Chief Architect for the intrusion detection engine of Symantec’s Norton Internet Security product. Prior to Symantec, he served as Director of Product Development for the L-3 Network Security’s risk assessment and vulnerability management product suite, as well as Foundstone’s award-winning Enterprise Vulnerability Management System. Garcia has been an integral part of two successful acquisitions by industry-leading information security companies: Symantec and McAfee.