Cybersecurity has been an important point of discussion for the last couple of years, and with good reason. As we continue to advance technologically, ways of intruding upon people’s privacy and compromising their online safety have also increased. Health institutions have to take particular care to prevent being compromised because patient data is highly sensitive and valuable.
“The average cost of a data breach incurred by a non-healthcare related agency, per stolen record, is US$158. For healthcare agencies, the cost is an average US$355. Credit card information sells for US$1-US$2 on the black market, but patient health information can sell for as much as US$363, according to the Infosec Institute” (https://www.cisecurity.org/blog/data-breaches-in-the-healthcare-sector/).
These potential earnings from the sale of this data are why the health sector is often targeted. While people can, for example, change credit card information to counter this problem, health information, patient history, names and other personal details cannot be changed.
According to a study published in February by cloud security platform Bitglass, after an analysis of hospital data breaches in the United States in 2020, “healthcare breaches increased 55.1 per cent from 386 in 2019 to 599 in 2020”. Hacking, IT incidents and unauthorised disclosures were the most common reasons for these breaches (beckershospitalreview.com).
Jamaica is on the cusp of a digital paradigm in healthcare. We are moving steadfastly towards full digitisation in the public and private sectors and it is my belief that in the next decade or so we will make great strides towards this goal. Digitisation is the first step to securing patient data.
Paper files are often lost and are easily removed from a hospital’s property. In addition, tracking their use is very difficult, unlike with a digitised system, which can record who accessed the files, where and when, including the specific time, and so also shows how much time was spent perusing them. However, digitisation alone does not ensure the safety of files. As we implement software, we have to concurrently put plans in place to additionally secure our systems and the data that reside on them. This is a participatory exercise.
There are many causes of data breaches, as well as ways in which people can ensure that their data remain as secure as possible. Various types of malware are usually employed to try to retrieve data from people’s computers. Malware is simply malicious software, which includes adware, bots, rootkits, trojans, viruses and worms.
One of the most common and dangerous types of malware, and one that has gained popularity in recent times, is ransomware. Hackers can take over a computer or network and then demand payment to release the files. No health facility would ever want to be in this position, as it could mean complete loss and/or exposure of patient and other data.
Generally, the purpose of all types of malware is to steal information. Installing and frequently running antimalware software will greatly assist with these issues. Most malware infections are facilitated by user activity, and so ongoing education as well as a strong IT policy are important. Staff have to be aware and alert when it comes to malware and how it can be introduced on a computer or in a network.
One of the things I insisted on as the owner of a tech company is that we became and consistently remained Payment Card Interface (PCI) compliant. Even though this mostly has to do with the provision of financial services, it is beneficial as a general way to ensure that all your technology systems are secure physically and virtually. It also ensures that things are put in place and constantly monitored so that this status quo remains, even as methods of infringing on privacy and security keep changing. It allows you to stay ahead of the game.
As we continue to move forward with healthcare digitisation, we must also put strategies in place to continually reduce the likelihood of data breaches.