Healthcare News & Insights

4 ways to protect information in a data-driven healthcare system

Health care is a data-intensive industry. Technological advances have allowed healthcare organizations to use real-time data visualizations to improve their reporting capabilities and response times. Considering that 2.5 quintillion bytes of data are produced every day, the issue clearly isn’t going away. In this guest post, Wendy Schott, CMO of a data stream network delivering real-time APIs for developers, offers four steps on how you can safeguard your hospital’s sensitive data.

__________________________________________________________

So just how safe is all this data?

The Identity Theft Resource Center reported a record number of security attacks in the U.S. in 2014. The same report found that health and medical companies have become bigger targets, accounting for 42.5% of reported breaches that same year.

We’re putting increasingly vital healthcare information on the internet while relying more heavily on technology to treat patients. Healthcare providers put sensitive data at risk every day when they:

  • store and transmit patient health records and sensitive data, such as Social Security numbers.
  • connect physicians and patients via apps and internet portals, and
  •  connect medical devices to the Internet of Things (IoT) and stream their readings.

This technology offers great opportunities to improve patient-centered care, but it also makes health care a bit of a hacker’s paradise.

Myriad healthcare hurdles

The healthcare industry is a major target for hackers, largely because security hasn’t kept pace with technological advances. Tight budgets, tighter regulations, and rapid advances in patient care have all contributed to this security gap.

Budget crunches and scarce resources can prevent healthcare organizations from having enough money to provide proper security. These financial issues sometimes cause hospitals and clinics to use old applications and technology that can’t be effectively safeguarded. Researchers studying hospital network security found that one healthcare organization leaked data from 68,000 systems hooked up to its network. This particular leak was tied to systems that either weren’t configured properly or were running old versions of its operating system.

Stringent regulations also pose problems for healthcare software. Developers face the difficult task of creating cloud-based solutions that operate on public networks while adhering to security regulations for electronic health data. Considering that health care’s cloud adoption increased from 25% to 41% between 2014 and 2015, this issue certainly isn’t going anywhere.

The growth of the IoT is partially to blame for security gaps. The influx of thousands of new embedded medical devices offers incredible opportunities for remote monitoring, but they’re hard to secure, making them easy targets for hackers. Hackers have managed to inject malware into medical devices, spreading the virus across an entire network. St. Jude Medical, for example, recently patched its pacemakers, defibrillators and other medical devices to fix a vulnerability that could have allowed hackers to access and alter communications.

There are plenty of reasons for health care’s susceptibility to hacking, but that doesn’t absolve healthcare leaders and technology professionals from doing everything possible to shore up their defenses.

4 steps to safeguard sensitive data

The battle might feel somewhat lopsided, but protecting sensitive data is as simple as taking an active role in locking down your network-connected applications and devices.

Here are four ways to make a difference:

  1. Ditch open inbound ports. For a server to push data, another application or device must be listening. This requires a constantly open inbound port, which is basically an attack waiting to happen. Instead, use a secure messaging network that only makes outbound connections. To support this network, you’ll need to use a publish/subscribe communication method based on protocols such as CoAP, MQTT, WebSockets, and HTTP 2.0 without open ports. By having devices send data bidirectionally, this outbound-only model eliminates one major threat to medical devices and healthcare networks.
  2. Use end-to-end encryption. Secure Sockets Layer and Transport Layer Security were once the standards when transferring medical data and communications between embedded devices. While both are still viable for routine data transmission, data from embedded IoT devices requires a more secure setup. For end-to-end security, encrypt your data with Advanced Encryption Standard. Only devices with encryption keys can decrypt AES data when it’s pushed and received, providing full end-to-end security.
  3. Adopt token-based access control. Data encryption is a great step, but you still need to control who and what can transmit and receive data. Instead of asking millions of devices to filter out topics they don’t subscribe to, have your network handle the bulk of this task.
    Within the publish/subscribe paradigm, token-based access control allows you to distribute tokens to devices and grant access to specific data channels. This gives you fine-grained control over the tokens that are created, the devices that receive those tokens, and the data that those tokens grant access to. Your network effectively becomes a traffic cop, controlling which devices can speak and listen to the network.
  4. Make setup and upgrades user-friendly. Embedded devices need to be set up and configured properly, but they also require regular firmware updates to stay secure. A publish/subscribe paradigm using the standard outbound ports makes it simple to set up IoT devices and real-time networks securely while keeping them updated. This approach has connected devices and servers communicate directly, giving you a plug-and-play security experience.

Health care has a few inherent vulnerabilities to hackers, but it’s incumbent on industry leaders and technology professionals to close potential loopholes and protect data. By taking a few steps to safeguard this information, practitioners can reap the benefits of big data and technology without exposing patients or healthcare organizations to security risks.

Wendy Schott is CMO at PubNub, a data stream network delivering real-time APIs for developers. A self-proclaimed tech geek, Wendy has more than 20 years of experience in marketing, and selling infrastructure and enterprise software.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.