Can we end the healthcare data breach pandemic?
The Healthcare industry is facing rates of cybercrime at a pandemic level. In fact, healthcare breaches accounted for 43% of all reported breaches between 2014 and 2016. The digitisation of healthcare records amidst a changing cybersecurity landscape has broadened healthcare organisations’ exposure points, and as demand for data sharing between healthcare organisations increases, so does the risk of a data breach and non-compliance with patient data protection regulations.
This past year has been a massive one for healthcare data breaches in the UK. The National Health Service (NHS) has faced ransomware attacks and most notably, a major data breach that exposed the medical records of 26mn patients.
How did this happen?
Due to a lack of control and oversight, doctors were able to change a setting in the IT system to make patient records shareable across different healthcare organisations – ultimately exposing the records to thousands of workers across the country.
With this breach, we saw practitioners, the UK government and citizens jump into crisis mode. What was the cause of this breach? In large part, a failure to properly govern identities and their access to sensitive patient data.
What makes this an interesting case for identity is that it wasn’t malicious. Doctors aren’t IT professionals. Their job is to make sure patient care is delivered accurately and in a timely manner across different care providers. Making patient records accessible to the hospital or the specialists that doctors are sending their patients to seems like a reasonable way to expedite care, save time and provide good service to patients. But without proper governance, it quickly became a massive exposure point that was ultimately exploited and impactful to millions.
- A treatment for the data and analytics challenge in healthcare
- Israel is set to launch its $275mn Digital Health strategy
- Oracle founder Larry Ellison launches a new health and wellness company
As this real-world example illustrates, sensitive data often gets exposed through legitimate users doing their jobs on a daily basis without realising they’re exposing their organisations to risk. And it could very easily happen again.
For example, a clinician conducting a research study may copy and paste medication administration from the Electronic Health Records (EHR) system into an application such as Word, PowerPoint or Excel for sharing. Or a provider organisation’s Health Information Management department may run a real-time operational report for auditing purposes, and later save this report to a network drive for future reference. Both of these actions, while helpful to the employees conducting them, also result in taking sensitive data outside of protected systems, ultimately creating additional exposure points for the organisation.
This data problem is not unique to healthcare organisations. It’s a common challenge that many organisations are trying to overcome, given that an estimated 80% of all data is stored in files. Organisations need an effective and efficient approach to mitigating the risk of exposing sensitive data to unauthorised individuals or groups—some of whom may have questionable or even malicious intent.
Is there a proverbial vaccine for this widespread issue that affects virtually everyone on both the patient and care-provider sides? It’s not that simple, but the good news is that the healthcare industry can learn from other highly regulated industries how to better address this challenge.
Implementing a robust identity governance program can help. Identity governance allows organisations to answer the question of who has access to what and what they’re doing with that access, addressing an organisation’s exposure points to reduce the risk of a data breach and mitigating the amount of damage hackers can do if an organisation is breached. This also allows IT and healthcare providers to be more efficient and focus on their respective roles without putting their organisations at risk.
When it comes to healthcare, the stakes are high. Healthcare records are valuable to hackers and cost a lot in compliance fees when exposed, not to mention the reputational damage. Organisations need the right tools to make sure access to sensitive data is granted and controlled appropriately, especially as this data is increasingly found outside of IT’s purview. This is where identity comes in. With identity governance, healthcare organisations are empowered to deliver care while knowing their patient data is secure.
NHS care homes are better than private, report finds
A new survey has found that 60% of people with parents in NHS care homes believe the quality of care has improved, compared to just 49% of respondents with parents in private care facilities.
The survey was conducted by Kepler Vision Technologies, an AI-driven company formed at the University of Amsterdam. It was carried out among UK adults with parents over the age of 75.
Respondents cited more capable care staff and better monitoring systems as being the main reasons for improvement.
However those who do not have parents in assisted living facilities had a different viewpoint - in this case only 35% of respondents believe that NHS facilities are improving, compared to 32% who believe it is only improving in the private sector.
Only 18% of people whose parents live with them or independently believe care home staff are able to look after residents to a good standard.
Kepler Vision say this difference in opinion is due to perceived budget cuts and financial pressures, with 67% of people commenting that a lack of funding has had a negative effect on care in both NHS and private care facilities.
Other key findings of the survey include:
* Out of those who say quality has declined in care homes, 69% say the NHS is dealing with budget cuts and increased financial pressure, while 65% also said that the private system is dealing with these pressures too
* 55% said that they or their parent have money saved specifically to pay for their future care
* 35% said the idea of their parent in a care home makes them feel frightened, although 32% say it makes them feel secure
* 52% are worried about their parent catching COVID
* 47% are worried about their parent being lonely
* 46% are concerned they could fall over alone
The announcement of this research follows the UK government's decision to delay presenting its social care budget till the autumn.
Commenting on the research, Dr Harro Stokman, CEO of Kepler Vision Technologies said: “While it is good to see that people recognise the importance of staff and face-to-face interaction in elderly care, the huge gap in opinion between those with parents in care and those without shows that there are unfair negative perceptions around the residential care space.
"More can and should be done by care homes to give people the confidence that their relatives will receive the very best care - by highlighting the excellent work of staff and how well they are able to monitor resident’s needs with easy-to-use technology.”