Enabling healthcare and life sciences innovation by improving cybersecurity
Cybersecurity is a huge concern for individuals, commercial and noncommercial organizations and governments alike.
Threats are proliferating, and the techniques cybercriminals use to steal data and disrupt operations evolves almost as quickly as security professionals can devise solutions. It's an acute concern in healthcare and life sciences because the data is so valuable to hackers and the stakes are so high.
Earlier this month, Terry Rice, Vice President and Chief Information Security Officer at Merck, submitted written testimony to the United States House of Representatives Committee on Energy and Commerce, Subcommittee on Oversight and Investigations. The topic was "Cybersecurity in the Healthcare Sector: Strengthening Public-Private Partnerships," and Rice made many important points.
Citing a long list of healthcare industry breaches that compromised more than a hundred million medical records and mentioning the threat hackers pose to connected medical devices, Rice reached the chilling conclusion that the cybercrime threat to the healthcare industry is worse than generally acknowledged. He listed several factors that contribute to underestimating the real magnitude of the threat:
• Cybercrimes that occur in the healthcare space tend to be underreported unless they involve the theft of patient data (and are thus subject to mandatory reporting procedures) because companies want to avoid the reputational fallout from a breach.
• Small to midsized businesses make up about 90% of the healthcare sector, and smaller companies typically don't have the resources to invest in cybersecurity.
• Due to the nature of service delivery and reimbursement, healthcare information must be shared with multiple parties (specialists, insurance companies, etc.), making it more vulnerable to theft and/or inappropriate disclosure.
• The rapid development of software solutions to help healthcare providers comply with reform initiatives that encourage adoption of electronic medical records resulted in increased exposure.
• Anecdotes and other evidence that suggest healthcare organizations fall victim to cybercrime more often than they report it, including web services that identify and catalog threats.
Given that generally accepted estimates of the scale of the threat are already daunting, it's disturbing to consider that it might actually be much worse. It's also important to keep the stakes in mind: technology and data have so much potential to transform the industry whether in personalized medicine and population health management or accelerating the development process for new pharmaceuticals and medical devices. Rampant cybercrime threatens that potential, which can adversely impact lifesaving care as well as significant cost control or cost reduction opportunities.
In his testimony, Rice advocates expansion of public-private partnerships to tackle the issue of cybercrime in healthcare. He provides a brief overview of how public-private partnerships evolved in the sector and how they work today, including working groups that identify threats and develop methods to secure big data in healthcare. Rice also references the SAFE BioPharma Association's efforts to simplify new FDA drug applications, and he encourages exploration of methods to ensure the integrity of electronic data.
As data integration and management professionals working with many healthcare and life sciences companies — including Merck — we at Liaison wholeheartedly agree with Rice's call for an expansion of public-private partnerships. We offer solutions that keep data secure, whether in motion or at rest, as well as compliance expertise to help relieve the burden healthcare and life sciences companies currently carry.
Liaison provides the groundbreaking ALLOYTM Health Platform so that users can protect patient information and other sensitive health data on a cloud platform that is secure and compliant with multiple industry standards and regulations including HIPAA, 21 CFR Part 11, SSAE 16 SOC 2 and PCI DSS. By working together, we can protect the data that drives innovation — and that can help companies like Merck achieve their mission of saving and improving lives around the world through innovative products and services.
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.
© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.