The Changing Landscape of Cybersecurity for Hospitals
When you visit a hospital or a doctor’s office, you’re focused on the reason that sent you to a medical doctor for treatment. While the doctors are poking and probing you with various instruments and monitoring you with various electronic medical devices, they are recording some of your personal data and other information about you. Any industry that records personal data on its clients is at risk of a cyber breach, and the medical industry is the hackers’ most recent target.
Medical Equipment Is the Hacker’s Latest Target
Manufacturers of medical equipment have focused on making medical devices highly calibrated so that they can help doctors and nurses save lives with little or no focus on cybersecurity protective measures. Some medical equipment manufacturers may have an inkling that their products may be placing patients at risk of breaching personal information; yet, their prototypes have not evolved to the degree that they can protect sensitive patient information. Other manufacturers place their focus on profits and simply don’t care about the residual negative effects on patients.
To make matters worse, medical equipment is increasingly interconnected with other electronic devices. One device can spread a bad virus to another device just as a bad cold or infection can spread from one person to another.
Board Directors Are Overwhelmed With Cybersecurity Warnings
Board directors of health care industries get inundated with information about cybersecurity risks—so much so, that they scarcely have time to read and digest it all. Risks are coming at them from so many sides that they can’t sort out the best places on which to put their focus.
On top of all the cautionary information, health care boards get deluged with solutions and companies pursuing high-cost options to protect them. In total, too much information makes it hard for the board to make responsible decisions, which delays actions that could be protecting their stakeholders at the earliest opportunity.
These are the challenges that make bolstering cybersecurity measures in the health care industry an arduous and laborious task. Boardroom discussions take on a tone of concern as board directors strive to fulfill their fiduciary duties responsibly. It takes a corporate village of varied experts flanking the board table to solve these challenging issues, including cybersecurity experts, the general counsel, the chief information security officer (CISO) and every board director.
HHS Keeps a Pulse on Cybersecurity
The U.S. Department of Health & Human Services (HHS) is the federal agency that is responsible for regulating issues related to the health and well-being of all Americans. As cybersecurity issues begin to encroach upon the medical field, Congress established the Health Care Industry Cybersecurity Task Force to investigate cybersecurity risk relative to the health care industry. The task force’s recent report reviews the cybersecurity issues that today’s health care providers are facing, and offers up valuable suggestions for making improvements. In particular, the report places a marked focus on improving cybersecurity around electronic medical devices.
Cybersecurity in the Health Care Realm Is Challenging to Navigate
For the everyday patient, worrying about having their personal information confiscated and tossed about in cyberspace adds to the emotional drain of getting healthy.
As cybersecurity issues begin to take the center stage of board discussions, board directors are becoming painfully aware of how little they know and understand about cybersecurity issues. It’s a complicated issue that forces board directors to find the balance between allowing the use of essential medical equipment while finding a way to preserve sensitive patient data.
Unfortunately, the recent cyber-attacks that we’ve seen in the health care industry are probably only the tipping point of what is to come. As long as patients need to give their medical practitioners sensitive personal information, the health care industry will continue to be vulnerable.
