In 2015, over 77% of office-based physicians reported using a certified EHR to manage clinical care.[i] From the smartphones in physicians’ pockets, to the vast EHR registries converging upon interoperability and the IoT medical devices in patients’ bodies, there are more ways to generate, access, and use data than ever before.[ii]
Proponents of this data-ization of health argue that the eventual benefit of generating large repositories of easily accessible data will soon make modes of big data analysis possible, allowing machine learning algorithms to optimize patient care beyond what can be humanly conceived. To arrive at such a point, a variety of steps will have to be taken to standardize data reporting, ensuring quality control. However, the recent malware attacks on several health provider organizations make it clear that important issues remain unaddressed, including those of security. For providers, patients, and other stakeholders, the reassurance of a threat-free engagement of big data is essential to its integrated utilization.
Threats on the landscape
Ironically, the very nature of data use in a pluralistic health care sector makes the industry particularly vulnerable to cyber threats. Health care data is only useful when the interoperability of that data is high, but the numerous endpoints, including contractors, third parties, and independents, to which interoperable data can be distributed increases entry points for cyber threats.[iii] Furthermore, there exists a natural trade-off between accessibility and usability of the data, particularly in the kinds of high-pressure decision-making environments typical of health care settings.
The most high-profile cyberattacks in the healthcare industry are ransomware attacks, in which an attacker compromises critical access or system operability until money is paid to the attacker. Other forms of malware can expose or steal patient information for financial gains, though these may be less conspicuous. Apart from damage assumed by individual patients in the wake of a cyberattack, organizations can pay a hefty price in the form of expensive delays in operations and a blow to institutional reputation.
The next steps:
There are two major aspects to data security: that of securing devices with access to the data and that of securing the data repository itself. As malware evolves to be increasingly sophisticated, organizations must allocate increasing shares of their budget to cybersecurity. Given a systemic shortage of IT personnel, many organizations may find it easier to outsource cybersecurity needs to third party securitization providers. Certain steps can also be undertaken to safeguard operations against future attacks, including: improving user security (e.g. multi-factor verification and BYOD-oriented security); virtualization of data; and coming up with contingency data syncs to ensure that facilities remain operational despite attacks. Incorporation of machine learning or behavioural analysis to identify changes in user or system functionality may provide early warnings to cyber threats as well.[iv] These changes will require a degree of administrative centralization that is able to coordinate the cybersecurity needs of care providers and healthcare organizations, including anesthesia management companies.