Connected devices and digital records are revolutionizing healthcare and wellness. But the industry is still behind on addressing security concerns that could affect practitioners and patients.
The healthcare industry has come online in a significant way fairly recently, which has helped with efficiency and accuracy. But while that industry has scaled digitally, it has not brought strong security concerns along with that growth. A year long study conducted by the Washington Post has determined that many healthcare services and devices are vulnerable to hacking. From vulnerabilities could lead to data loss, or data access that could lead to identity theft, as well as other possibilities. These security weaknesses were typically found in approved electronic health records (EHR) computer systems, an electronic prescription medication machine, and cloud storage usages.
Connected medical devices shown vulnerable to online risks
The Government Accountability Office looked at one of these concerns in particular. The source study found information security risks in a number of medical devices. The issue of security is a new one for manufacturers of these devices, especially from intentional threats, but can benefit from the infrastructure that has been built to address such risks in other industries. Researchers found that items such as defibrillators and insulin pumps were vulnerable to weaknesses that could be exploited with great risk to patients. The FDA is primarily responsible for evaluating the safety of these devices, and information security must become a significant concern to address when they evaluate them.
Besides code vulnerability, staff practice also causes risks
But many risks come about due to attempts at time saving or in the hopes of improving communication. A number of risks covered in the security survey were brought about by individuals. In one case for instance, wireless iPads were being used by new medical residents at the University of Chicago medical center. All the residents accessed files from a DropBox account with a single username and password, both of which were published online in the initiative’s manual. This type of practice is hazardous in this situation due to the risk of hackers planting PDFs or other files that include harmful code that would be downloaded to all these iPads, and invade the hospital networks. In other words, improving the security of the digitized healthcare industry also starts with educating staff to those risks.