The future doesn’t look much better for cybersecurity. John Halamka, MD, CIO of Boston-based Beth Israel Deaconess Medical Center, wrote on his blog “Life as a Healthcare CIO” that no Internet-connected device is safe. He said he met with the Department of Justice Attorney General for National Security who said state-sponsored cyberterrorism and organized cybercrime are on the rise, and every device connected to the Internet will eventually be compromised.
And, regardless of what security measures organizations may adopt, employees and the nature of human error remain a top threat to cybersecurity. “We spend millions on new technology, countless hours on policy writing and engage all stakeholders to enhance their awareness. Yet, we’re as vulnerable as our must gullible employee,” Dr. Halamka wrote.
That’s not to say healthcare organizations haven’t enhanced their cybersecurity defenses to try to mitigate any and all threats. Dr. Halamka wrote his team has increased education efforts and put filters on incoming emails to scan URLs and attachments for malware. They have increased security staff, and Dr. Halamka seeks vendor contracts that explicitly include liability and monetary damage payment protecting the hospital against third party claims in the event of a breach.
However, cybersecurity protection will be perpetual, Dr. Halamka wrote.
“Although ICD-10 and meaningful use work may be diminished in 2016, security work is likely to increase,” Dr. Halamka wrote. “As I’ve told the board, security is a process, not a project. You’ll get better and better but will never be done.”
More articles on cybersecurity:
The human factor in cybersecurity: 5 key thoughts
Legal perspective: 6 key points on data breaches
1-in-3 health records will be compromised in 2016: 5 things to know
