Healthcare IT professionals have one of the hardest jobs in the industry, carrying huge responsibilities, but often lacking the required resources to fulfill organizational needs. From mitigating increasing cybersecurity risks to managing newly adopted technologies, there’s much to consider for today’s IT teams—keeping systems ticking over efficiently is really just the tip of the iceberg. While no means an exhaustive list of every issue facing healthcare IT teams in 2018, outlined below are four major challenges that are sure to make their mark in the year ahead.
The rise and rise of BYOD
BYOD (bring your own device) is gaining momentum in healthcare and shows no signs of slowing anytime soon. With smartphones getting smarter, and portable laptops replacing traditional desktop computers, healthcare professionals are increasingly taking their work on the road and home with them. Consequently, by adopting BYOD as a way of working, organizations can enjoy better staff productivity, frictionless communication, and reduced hardware costs.
However, while the potential rewards may be high, harnessing those rewards whilst simultaneously mitigating the associated IT risks is absolutely critical. A lack of control over tools and applications, risk of device loss and theft, and questions around data ownership are just three examples of the challenges faced by IT departments. While these challenges are not unique to healthcare, the risks are intensified for HIPAA (the Health Insurance Portability and Accountability Act) covered entities who need to consider not just cybersecurity, but also unlawful disclosure of private patient information, which can lead to huge fines and reputational damage.
Managing a secure IT network is hard enough within the confines of a practice, but the challenge is significantly harder when devices are being used across multiple, unknown locations. Before embracing BYOD, organizations first need to carefully consider the IT and security implications and develop robust policies to ensure safe and sensible device usage.
The ransomware epidemic
Cyber-insecurity is a major issue in healthcare and is likely to get worse before it gets better. Ransomware specifically is reaching epidemic proportions within healthcare, with the industry falling victim to 88% of all recorded ransomware attacks on U.S. industries in 2016. What’s more, a survey conducted by HIMSS Analytics found that more than three-quarters of healthcare providers (78%) experienced a ransomware or malware attack in 2017, up 89% from the previous year.
Because ransomware exploits an organization’s human and technological weaknesses, preventing attacks requires a multi-angled approach. Organizations must, therefore, ensure they are implementing defense strategies that address both IT and human elements.
Cybercriminals prey on the naive, but as techniques become increasingly advanced, even more astute individuals may find themselves being caught out by ransomware attacks. The onus is on IT departments to train end users to identify the risks and ensure that all staff are kept up-to-date with new ransomware methods.
From a technical standpoint, IT departments must ensure all systems are kept up to date and are running with the latest security software, operating systems, firewalls, and firmware—and at every potential entry point, including network environment, endpoint devices, and email. To assist in their efforts, many IT departments are implementing automated defense systems that monitor network and user activities round-the-clock, as well as employing machine learning tools that analyze suspicious behaviors to identify potential hacking attempts before they occur.
Making sense of big data
The healthcare industry is drowning in data. But in order for that data to yield any real value, organizations must first know how to collect and leverage it. According to a poll by Stoltenberg Consulting, 51% of IT leaders said the biggest barrier to data analytics within their organization is not knowing how much or what data to collect, while 33% said their organization wouldn’t know what to look for even if they had the data in front of them. A further 10% cited a lack of available tools and strategies, and 6% said data analytics was simply too intimidating.
Big data can be overwhelming, but when correctly and fully utilized, it can benefit the healthcare industry in a number of different ways; from identifying high-risk groups based upon common factors to improving patient care to even managing inventory. The possibilities are vast.
Big data is nothing new, in fact, the industry has been sitting on this information for many, many years, but only recently have organizations started to utilize it for the good of their organization, and the industry more generally. 2018 looks set to be the year big data finally makes the switch from buzzword to business asset. And for organizations that invest in the tools and resources to crunch the numbers, the rewards will be massive.
HIPAA compliance has long been a thorn in the side of healthcare organizations, and 2018 will be no different—however, as the technology landscape evolves, so do the challenges. The role of IT in HIPAA compliance has never been more critical, as keeping electronic personal healthcare information (ePHI) records safe, secure, and out of the grasps of cybercriminals is arguably more difficult than ever before. The rise of mobile BYOD is just one of the major HIPAA compliance challenges facing today’s healthcare IT workers.
In addition to providing a secure and reliable environment in which to share, store, and manage sensitive health data, IT departments must also be able to produce detailed evidence of these systems’ ability to meet HIPAA’s stringent Privacy and Security Rules. This should include, for example, log management, data backups, and encryption security of all electronic communications, as well as routine risk analysis and risk management planning.
Looking to the future
So, how can healthcare IT professionals overcome these challenges? Regardless of whether operating from a clinic, a hospital, a health insurance company, as a vendor, or any other type of institution, keeping patient’s private health data secure and controlled begins with gaining network visibility. This involves taking a holistic view of the network’s infrastructure, in order to comprehensively understand the data being monitored. With this information, it is possible to conduct risk assessments, refine policies and procedures, refresh staff training, and work to reduce or even eliminate security vulnerabilities, not just for the year ahead, but well into the future.