Healthcare data insecurity: Lack of access controls or tech advances?
When it comes to protecting personal health information, legacy processes are just as vulnerable as legacy operating systems, hardware and software. In other words, the lack of proper access controls for technological advancements in healthcare, leaves private data susceptible to attack.
“Just because our EHR [Electronic Health Record] forces a username and password, doesn’t mean you’re compliant,” said Mac McMillan, chair of the HIMSS Privacy & Security Policy Task Force at the 2016 HIMSS Annual Conference & Exhibition.
At last count, the Anthem breach is estimated to cost $31 billion — a pricey lesson on healthcare security best practices and, specifically, how to control access to sensitive data in organizations. Anthem authorities believe the lack of proper access controls allowed hackers who had gained authorized credentials to breach Anthem’s patient information. The vulnerability was not in the operating system, hardware or software, but in the process of managing proper access controls.
Until healthcare as an industry improves both its legacy technology and adoption of security practices — including data access control — cybercriminals will continue to view healthcare data as a vulnerable target.