Blog Feed Post

OnPage Report: The impact of not securing healthcare communications

Recent data from the Journal of Hospital Medicine[1] highlights the battle for secure healthcare communications. Unfortunately, the battle is not progressing as well as one could hope. The statistics cited in the Journal’s July 2017 publication cite the following statistics:

  • Almost 80% of clinicians continue to use pagers. It is the most commonly used technology by hospital-based clinicians
  • 53% of clinicians use text messaging to exchange patient care information
  • 22% exchange text messages that include identifiable patient information
  • Relatively few hospitals have fully implemented secure mobile messaging applications
  • Besides pointing to the progress that remains to be done, these statistics also force us to consider what are the impacts that result from this lack of adoption? Yes, there will probably be more
  • HIPAA fines. Some of those fines might be quite large and expensive. But are there damages beyond fines? The answer is, unfortunately, yes. Beyond the fines are the damages that will result
  • from breached data as a direct result of unencrypted data.

Breadth of unsecure messaging

Many nurses, physicians and administrators continue to remain uneducated about the necessity of using secure messaging in their exchanges with colleagues.  Simply stated, healthcare workers don’t enter their industry to think about message security and encryption. For most healthcare providers, encryption in healthcare is just another nuisance that gets between them and their patients. As one source noted,

[I]t is unclear if resident providers are aware of the security concerns of SMS text messaging when communicating about patient care.[2]

To further highlight this fact, many practitioners continue to routinely use unsecure applications for communications such as Facebook and GChat. In fact 52 percent[3] of respondents in a survey said they use SMS/MMS text messages in addition to other popular messaging platforms such as Facebook Messenger, GChat, and WhatsApp. Sadly, many users believe that these third-party platforms are at least somewhat secure.

A major reason why practitioners often text is to avoid the time consuming “message and wait” protocols that pagers demand. By using text messaging, users get much quicker responses and can resolve issues more quickly. But while texting addresses timeliness, standard SMS is not HIPAA-compliant. For that matter, neither are the GChat, WhatsApp or other applications that practitioners often use.

One journal[4] noted that hospital administrators can continue telling nurses and clinicians that they cannot text and that it is unsafe. However, at the end of the day:

Not [texting] is not practical. Without us providing some kind of an option, telling them not to do it is an exercise in futility.

As a result of this lack of encryption, the healthcare industry, from doctors to insurance companies are hemorrhaging patient data. Since 2009, over 29.3 million patient health records have been compromised[5] in data breaches. Despite calls for more security, and legislation like HITECH and HIPAA, the healthcare industry is still struggling to protect its patients.

Messages going rogue

When unsecured devices are used, the exchanged messages are not encrypted and password protected. Additionally, there is no defined list of who can receive the messages so messages can be passed to an unintended individual. As such, if the content of those messages gets into the wrong hands then the content can be used for unintended purposes.

Healthcare is the most vulnerable sector of the US economy when it comes to breaches of patient health information. Healthcare tops the list of the most cyber-attacked industries.  In 2015, one in three Americans were the victim of healthcare data breaches. This figure translates into more than 111 million[6] individuals’ data being lost due to hacking or IT incidents in the U.S. alone. The leading cause of breaches [7]was lost and stolen devices such as smartphone.

In the case of smartphones, many hospitals either explicitly or implicitly allow practitioners to bring their own device (BYOD). With the inherent challenges around developing adequate security measures for messaging on personal devices, sensitive data is left exposed. Many executive have stories of doctors and nurses designing work-arounds that bypass safety and security protocols, or simply using their devices in defiance of HIPAA standards. The issue becomes that if these devices are lost or stolen devices, hospitals and clinics have no way to wipe the device nor do they have encryption and passwords on messaging applications that would prevent improper use of the information.

Mobile devices remain a key access point for PHI and when lost or stolen, the information on the devices often results in costly data leaks. Demand for BYOD is significant among healthcare professionals with approximately 85 percent[8] of healthcare professionals bringing their own devices to work. Given these statistics, it is likely that smartphone use will continue to grow in healthcare and that possibilities for stolen healthcare information will grow alongside it.

Further heightening insecurity about data leaks and cyberattacks, cybersecurity experts agree that it’s not a matter of if or when your data will be hacked, but whether you’ll know[9] your data was hacked.

Download the White Paper to read the rest…

The post OnPage Report: The impact of not securing healthcare communications appeared first on OnPage.

Read the original blog entry...

More Stories By OnPage Blog

OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.

Latest Stories
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
DXWorldEXPO LLC announced today that Dez Blanchfield joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Dez is a strategic leader in business and digital transformation with 25 years of experience in the IT and telecommunications industries developing strategies and implementing business initiatives. He has a breadth of expertise spanning technologies such as cloud computing, big data and analytics, cognitive computing, m...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
DXWorldEXPO LLC announced today that Kevin Jackson joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Kevin L. Jackson is a globally recognized cloud computing expert and Founder/Author of the award winning "Cloud Musings" blog. Mr. Jackson has also been recognized as a "Top 100 Cybersecurity Influencer and Brand" by Onalytica (2015), a Huffington Post "Top 100 Cloud Computing Experts on Twitter" (2013) and a "Top 50 C...
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory? In her Day 2 Keynote at @DevOpsSummit at 21st Cloud Expo, Aruna Ravichandran, VP, DevOps Solutions Marketing, CA Technologies, was jo...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...