Welcome!

Blog Feed Post

OnPage Report: The impact of not securing healthcare communications

Recent data from the Journal of Hospital Medicine[1] highlights the battle for secure healthcare communications. Unfortunately, the battle is not progressing as well as one could hope. The statistics cited in the Journal’s July 2017 publication cite the following statistics:

  • Almost 80% of clinicians continue to use pagers. It is the most commonly used technology by hospital-based clinicians
  • 53% of clinicians use text messaging to exchange patient care information
  • 22% exchange text messages that include identifiable patient information
  • Relatively few hospitals have fully implemented secure mobile messaging applications
  • Besides pointing to the progress that remains to be done, these statistics also force us to consider what are the impacts that result from this lack of adoption? Yes, there will probably be more
  • HIPAA fines. Some of those fines might be quite large and expensive. But are there damages beyond fines? The answer is, unfortunately, yes. Beyond the fines are the damages that will result
  • from breached data as a direct result of unencrypted data.

Breadth of unsecure messaging

Many nurses, physicians and administrators continue to remain uneducated about the necessity of using secure messaging in their exchanges with colleagues.  Simply stated, healthcare workers don’t enter their industry to think about message security and encryption. For most healthcare providers, encryption in healthcare is just another nuisance that gets between them and their patients. As one source noted,

[I]t is unclear if resident providers are aware of the security concerns of SMS text messaging when communicating about patient care.[2]

To further highlight this fact, many practitioners continue to routinely use unsecure applications for communications such as Facebook and GChat. In fact 52 percent[3] of respondents in a survey said they use SMS/MMS text messages in addition to other popular messaging platforms such as Facebook Messenger, GChat, and WhatsApp. Sadly, many users believe that these third-party platforms are at least somewhat secure.

A major reason why practitioners often text is to avoid the time consuming “message and wait” protocols that pagers demand. By using text messaging, users get much quicker responses and can resolve issues more quickly. But while texting addresses timeliness, standard SMS is not HIPAA-compliant. For that matter, neither are the GChat, WhatsApp or other applications that practitioners often use.

One journal[4] noted that hospital administrators can continue telling nurses and clinicians that they cannot text and that it is unsafe. However, at the end of the day:

Not [texting] is not practical. Without us providing some kind of an option, telling them not to do it is an exercise in futility.

As a result of this lack of encryption, the healthcare industry, from doctors to insurance companies are hemorrhaging patient data. Since 2009, over 29.3 million patient health records have been compromised[5] in data breaches. Despite calls for more security, and legislation like HITECH and HIPAA, the healthcare industry is still struggling to protect its patients.

Messages going rogue

When unsecured devices are used, the exchanged messages are not encrypted and password protected. Additionally, there is no defined list of who can receive the messages so messages can be passed to an unintended individual. As such, if the content of those messages gets into the wrong hands then the content can be used for unintended purposes.

Healthcare is the most vulnerable sector of the US economy when it comes to breaches of patient health information. Healthcare tops the list of the most cyber-attacked industries.  In 2015, one in three Americans were the victim of healthcare data breaches. This figure translates into more than 111 million[6] individuals’ data being lost due to hacking or IT incidents in the U.S. alone. The leading cause of breaches [7]was lost and stolen devices such as smartphone.

In the case of smartphones, many hospitals either explicitly or implicitly allow practitioners to bring their own device (BYOD). With the inherent challenges around developing adequate security measures for messaging on personal devices, sensitive data is left exposed. Many executive have stories of doctors and nurses designing work-arounds that bypass safety and security protocols, or simply using their devices in defiance of HIPAA standards. The issue becomes that if these devices are lost or stolen devices, hospitals and clinics have no way to wipe the device nor do they have encryption and passwords on messaging applications that would prevent improper use of the information.

Mobile devices remain a key access point for PHI and when lost or stolen, the information on the devices often results in costly data leaks. Demand for BYOD is significant among healthcare professionals with approximately 85 percent[8] of healthcare professionals bringing their own devices to work. Given these statistics, it is likely that smartphone use will continue to grow in healthcare and that possibilities for stolen healthcare information will grow alongside it.

Further heightening insecurity about data leaks and cyberattacks, cybersecurity experts agree that it’s not a matter of if or when your data will be hacked, but whether you’ll know[9] your data was hacked.

Download the White Paper to read the rest…

The post OnPage Report: The impact of not securing healthcare communications appeared first on OnPage.

Read the original blog entry...

More Stories By OnPage Blog

OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.

Latest Stories
SYS-CON Events announced today that Daiya Industry will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Daiya Industry specializes in orthotic support systems and assistive devices with pneumatic artificial muscles in order to contribute to an extended healthy life expectancy. For more information, please visit https://www.daiyak...
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that Suzuki Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Suzuki Inc. is a semiconductor-related business, including sales of consuming parts, parts repair, and maintenance for semiconductor manufacturing machines, etc. It is also a health care business providing experimental research for...
"Our strategy is to focus on the hyperscale providers - AWS, Azure, and Google. Over the last year we saw that a lot of developers need to learn how to do their job in the cloud and we see this DevOps movement that we are catering to with our content," stated Alessandro Fasan, Head of Global Sales at Cloud Academy, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
Many organizations adopt DevOps to reduce cycle times and deliver software faster; some take on DevOps to drive higher quality and better end-user experience; others look to DevOps for a clearer line-of-sight to customers to drive better business impacts. In truth, these three foundations go together. In this power panel at @DevOpsSummit 21st Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, industry experts will discuss how leading organizations build application success from all...
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
Cloud-based disaster recovery is critical to any production environment and is a high priority for many enterprise organizations today. Nearly 40% of organizations have had to execute their BCDR plan due to a service disruption in the past two years. Zerto on IBM Cloud offer VMware and Microsoft customers simple, automated recovery of on-premise VMware and Microsoft workloads to IBM Cloud data centers.
Why Federal cloud? What is in Federal Clouds and integrations? This session will identify the process and the FedRAMP initiative. But is it sufficient? What is the remedy for keeping abreast of cutting-edge technology? In his session at 21st Cloud Expo, Rasananda Behera will examine the proposed solutions: Private or public or hybrid cloud Responsible governing bodies How can we accomplish?
Today traditional IT approaches leverage well-architected compute/networking domains to control what applications can access what data, and how. DevOps includes rapid application development/deployment leveraging concepts like containerization, third-party sourced applications and databases. Such applications need access to production data for its test and iteration cycles. Data Security? That sounds like a roadblock to DevOps vs. protecting the crown jewels to those in IT.
SYS-CON Events announced today that Cedexis will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Cedexis is the leader in data-driven enterprise global traffic management. Whether optimizing traffic through datacenters, clouds, CDNs, or any combination, Cedexis solutions drive quality and cost-effectiveness.
Elon Musk is among the notable industry figures who worries about the power of AI to destroy rather than help society. Mark Zuckerberg, on the other hand, embraces all that is going on. AI is most powerful when deployed across the vast networks being built for Internets of Things in the manufacturing, transportation and logistics, retail, healthcare, government and other sectors. Is AI transforming IoT for the good or the bad? Do we need to worry about its potential destructive power? Or will we...
SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.