Can we end the healthcare data breach pandemic?
The Healthcare industry is facing rates of cybercrime at a pandemic level. In fact, healthcare breaches accounted for 43% of all reported breaches between 2014 and 2016. The digitisation of healthcare records amidst a changing cybersecurity landscape has broadened healthcare organisations’ exposure points, and as demand for data sharing between healthcare organisations increases, so does the risk of a data breach and non-compliance with patient data protection regulations.
This past year has been a massive one for healthcare data breaches in the UK. The National Health Service (NHS) has faced ransomware attacks and most notably, a major data breach that exposed the medical records of 26mn patients.
How did this happen?
Due to a lack of control and oversight, doctors were able to change a setting in the IT system to make patient records shareable across different healthcare organisations – ultimately exposing the records to thousands of workers across the country.
With this breach, we saw practitioners, the UK government and citizens jump into crisis mode. What was the cause of this breach? In large part, a failure to properly govern identities and their access to sensitive patient data.
What makes this an interesting case for identity is that it wasn’t malicious. Doctors aren’t IT professionals. Their job is to make sure patient care is delivered accurately and in a timely manner across different care providers. Making patient records accessible to the hospital or the specialists that doctors are sending their patients to seems like a reasonable way to expedite care, save time and provide good service to patients. But without proper governance, it quickly became a massive exposure point that was ultimately exploited and impactful to millions.
- A treatment for the data and analytics challenge in healthcare
- Israel is set to launch its $275mn Digital Health strategy
- Oracle founder Larry Ellison launches a new health and wellness company
As this real-world example illustrates, sensitive data often gets exposed through legitimate users doing their jobs on a daily basis without realising they’re exposing their organisations to risk. And it could very easily happen again.
For example, a clinician conducting a research study may copy and paste medication administration from the Electronic Health Records (EHR) system into an application such as Word, PowerPoint or Excel for sharing. Or a provider organisation’s Health Information Management department may run a real-time operational report for auditing purposes, and later save this report to a network drive for future reference. Both of these actions, while helpful to the employees conducting them, also result in taking sensitive data outside of protected systems, ultimately creating additional exposure points for the organisation.
This data problem is not unique to healthcare organisations. It’s a common challenge that many organisations are trying to overcome, given that an estimated 80% of all data is stored in files. Organisations need an effective and efficient approach to mitigating the risk of exposing sensitive data to unauthorised individuals or groups—some of whom may have questionable or even malicious intent.
Is there a proverbial vaccine for this widespread issue that affects virtually everyone on both the patient and care-provider sides? It’s not that simple, but the good news is that the healthcare industry can learn from other highly regulated industries how to better address this challenge.
Implementing a robust identity governance program can help. Identity governance allows organisations to answer the question of who has access to what and what they’re doing with that access, addressing an organisation’s exposure points to reduce the risk of a data breach and mitigating the amount of damage hackers can do if an organisation is breached. This also allows IT and healthcare providers to be more efficient and focus on their respective roles without putting their organisations at risk.
When it comes to healthcare, the stakes are high. Healthcare records are valuable to hackers and cost a lot in compliance fees when exposed, not to mention the reputational damage. Organisations need the right tools to make sure access to sensitive data is granted and controlled appropriately, especially as this data is increasingly found outside of IT’s purview. This is where identity comes in. With identity governance, healthcare organisations are empowered to deliver care while knowing their patient data is secure.
Skin Analytics wins NHSX award for AI skin cancer tool
An artificial intelligence-driven tool that identifies skin cancers has received an award from NHSX, the NHS England and Department of Health and Social Care's initiative to bring technology into the UK's national health system.
NHSX has granted the Artificial Intelligence in Health and Care Award to DERM, an AI solution that can identify 11 types of skin lesion.
Developed by Skin Analytics, DERM analyses images of skin lesions using algorithms. Within primary care, Skin Analytics will be used as an additional tool to help doctors with their decision making.
In secondary care, it enables AI telehealth hubs to support dermatologists with triage, directing patients to the right next step. This will help speed up diagnosis, and patients with benign skin lesions can be identified earlier, redirecting them away from dermatology departments that are at full capacity due to the COVID-19 backlog.
Cancer Research has called the impact of the pandemic on cancer services "devastating", with a 42% drop in the number of people starting cancer treatment after screening.
DERM is already in use at University Hospitals Birmingham and Mid and South Essex Health & Care Partnership, where it has led to a significant reduction in unnecessary referrals to hospital.
Now NHSX have granted it the Phase 4 AI in Health and Care Award, making DERM available to clinicians across the country. Overall this award makes £140 million available over four years to accelerate the use of artificial intelligence technologies which meet the aims of the NHS Long Term Plan.
Dr Lucy Thomas, Consultant Dermatologist at Chelsea & Westminster Hospital, said: “Skin Analytics’ receipt of this award is great news for the NHS and dermatology departments. It will allow us to gather real-world data to demonstrate the benefits of AI on patient pathways and workforce challenges.
"Like many services, dermatology has severe backlogs due to the COVID-19 pandemic. This award couldn't have come at a better time to aid recovery and give us more time with the patients most in need of our help.”