In the race to digitize the healthcare industry, providers, insurers and others in the multi-layered ecosystem have failed to take some of the most basic steps to protect consumers' sensitive health information, a senior government official is warning.
Servio麦地那,在国防卫生局的政策分支代理COO,最近的一次演讲,太多的医疗违规行为是基本的错误,无知或疏忽员工在产品中警告。
"These are things that could be prevented," Medina said. "Today's training and awareness efforts that we provide currently are simply not effective. They are not enough. We have to do something radically more and different."
Human element puts healthcare data at risk
Medina is arguing for a more concerted effort to address what he refers to as "the human element" of the healthcare data breach, citing a Defense Departmentmemoissued last September that called attention to the need to improve what it called the "cybersecurity culture" at the Pentagon.
[ Related:Security threats, hackers and shadow IT still plague health IT]
“几乎所有的过去成功的网络渗透可以追溯到,允许对手来获得访问,在某些情况下,一个或一个以上的人为错误,开发关键任务信息,”国防部长阿什顿·卡特和马丁·登普西,当时的主席联合参谋本部,在备忘录中写道。“在保卫[美国国防部的网络]提高对网络安全个人人权的性能水平提供了巨大的影响力。”
Medina's agency, which sits at the intersection of the military and healthcare and arenas, presents a target-rich environment for cyber criminals and other groups of digital adversaries. But the health sector in general has become a favorite target of hackers for a rather logical reason.
"The healthcare record is an incredibly valuable source of information," Medina said. "There's so much information in the healthcare record. It's not just a Social Security number. It's not just a bank account. It's not just PII like your home address or PHI like your diagnosis. It's all of it rolled together."
[ Related:Big data essential to cancer moonshot]
Medina cited a recent study by the Ponemon Institute that noted an alarming spike in attacks on healthcare organizations, finding that, for the first time, criminal activity accounted for more health-data breaches than any other cause.
Since 2010, the volume of criminal attacks on healthcare outfits has jumped by 125 percent, according to Ponemon, which also reported that 91 percent of all healthcare organizations have been hit by at least one data breach.
[ Related:Healthcare’s biggest public confidence challenge, security and privacy]
While criminal activity is now the leading cause of those attacks, "employee negligence and lost/stolen devices continue to be primary causes of data breaches," Larry Ponemon, chairman and founder of the institute, said in a statement.
更好的网络卫生
In his call for better cyber hygiene, Medina draws a very analog parallel. In 2007, Johns Hopkins Hospital launched an awareness campaign aimed at encouraging employees to regularly wash their hands, highlighting the degree to which proper hand hygiene can reduce infection rates and the spread of diseases.
Medina would like to see a similar campaign in cyber, one that would call attention to the risks of clicking on unfamiliar links or opening attachments, leaving physical devices lying around or accessing work documents through a personal email account.
"These are examples of things that are so simple not to do," Medina said. "I'm certainly not saying that if we wash our hands we will prevent the spread of infection, nor am I saying that we can eliminate risk, but we certainly have the responsibility to reduce how much we contribute to the risk of information."
This story, "Human error biggest risk to health IT" was originally published byCIO .