Can health consumers trust us with their private data?

One of my favourite episodes of the SF series Battlestar Galactica begins during peacetime: the Cylon war is long over and old battleships are decommissioned – like the Galactica. The ship is transformed into a museum.

However, the decommissioning ceremony has barely finished when a new Cylon attack begins. Modern spaceships are quickly destroyed by a fatal computer virus that uses the fleet’s network. Because the old, bulky Battlestar Galactica is a standalone ship and not equipped with networked computers, it escapes the attack and plays a vital role in the search for the mythical planet Earth.

How secure are healthcare services?

In a Wired article titled “It’s insanely easy to hack hospital equipment”, Kim Zetter gives a frightening account of security issues in a US hospital with networked medical records, surgery robots, drug infusion pumps, Bluetooth-enabled defibrillators, x-ray and imaging databases, and temperature settings of refrigerators storing blood and drugs.

Only the anaesthetic machines were safe as they were not interconnected and didn’t allow remote web administration. There’s the analogy with the Battlestar Galactica…

Some say digital security in healthcare is stuck in the Stone Age. In Australia, online government portals like my.gov.au give access to E-health records (PCEHR), Centrelink, Medicare, Child Support and the Department of Veterans’ Affairs. But IT security experts warn that these linked databases are at the mercy of hackers because of flimsy security.

Connecting medical equipment

A few years ago, when we introduced free Wi-Fi in our waiting rooms, we discovered potential security risks that had to be mitigated first. That was just a small Wi-Fi network. Australia’s first digital hospital will soon open its doors.

It’s an amazing, innovative project. The hospital network contains 310 km of fibre-optic cable – everything is connected: E-health records (PCEHR), blood pressure machines, insulin pumps, X-ray equipment, renal dialysis and anaesthetic machines – even the whereabouts of doctors and patients is recorded via electronic badges.

Medical equipment is usually reliable and safe, but has not always been designed to encrypt and store information securely. If you start connecting it all up to a network in hospitals and practices, scary things can happen.

Insider misuse is common

Protecting a network from external threats outside the firewall is crucial. But networks should also be protected from inside threats, such as unhappy employees. Research shows that many employees who lose their jobs leave with confidential company data. Insider misuse happens more often in healthcare than in other industries.

Lack of knowledge is another security threat, for example when healthcare workers write down or share passwords, accidentally open infected email attachments or download malicious data from the internet or other carriers, like memory sticks. Loss or sharing of data carriers, including business phones and laptops, is also a common scenario.

The next black swan?

On the black market, healthcare records and insurance credentials are worth 20 times more than credit card details. Healthcare data is combined with other information into complete packages, sold for $1000 or more, which is why the FBI has warned healthcare providers that their security is too lax.

ASIC Australia Chairman Greg Medcraft said cybercrime across the world is rising, adding up to an annual cost of $110 billion. “Cybercrime is a systemic risk and is potentially the next black swan event,” he said.

Conclusion

Advancing technology is exciting but creates challenges at the same time. Secure equipment is a basic requirement. It’s good practice to have a data security policy in place. Staff should be educated and reminded regularly of the do’s and don’ts.

Sensitive patient and business records should be monitored closely. Data leak protection systems are able to restrict and monitor what data is copied and by whom. Accounts should be shut down when people leave the organisation.

And that’s only the beginning.

One thought on “Can health consumers trust us with their private data?”

  1. A Battlestar Galactica reference – Edwin how could you! We are working hard to get rid of our ‘nerd’ titles and here you are dragging up a corker! (PS. I watched that show too…)

    Leaks in data systems are difficult but clinics are particularly good at keeping data secure. It is the ‘data’ which is discussed by the patient in the waiting room, the letters which they lose in the street or leave behind at the coffee shop, and the offhanded comment by the doctor in the waiting room to staff about ‘following up so and so’s US’.

    Difficult to stop all the leaks. Luckily the people who actually look to benefit from this information are few. It is about being aware but not alarmed.
