Dino Scanio is a results-driven Healthcare Executive with extensive experience in business and clinical management. He excels in driving efficiency, optimizing service lines and enhancing patient care across multiple hospital locations. Skilled in O&P care, strategic planning, and cross-departmental collaboration, Scanio leverages influential relationships to achieve objectives effectively and within budget.
An area that has piqued my interest lately is healthcare technology, particularly the integration of AI. As we embrace AI advancements, we also confront heightened cybersecurity risks within the healthcare industry. These risks are becoming increasingly prevalent as AI technology expands, opening up new fronts for cyber threats.
Cybersecurity Challenges In Healthcare Technology
We recently learned the results of a survey conducted in March 2024 by the American Hospital Association, which involved 1,000 hospitals. Shockingly, over 80% of these hospitals reported that cyber attacks had impacted their cash flow. For 60% of them, the financial repercussions amounted to millions of dollars in losses daily. Additionally, 74% experienced disruptions in direct patient care due to cyber attacks on their systems. These statistics show how these challenges are spreading across healthcare institutions.
While robust cybersecurity comes at a significant cost, it’s an unwavering commitment we should have for our patients. Placing their most sensitive health information should be at the forefront of patient-centered care maki
Currently, we’re still in the early stages of fully utilizing AI technology in healthcare. AI opens up new avenues for integrating systems, such as through wearable diagnostics, clinical assessments, developing clinical pathways, and even AI-assisted dictation with physician visits. While these enhancements can improve healthcare to a certain extent, they also introduce potential vulnerabilities to our systems. That’s why it’s critical for organizations and clinics to assess and strengthen their IT infrastructures, particularly focusing on cybersecurity mitigation measures.
In addressing these issues, one key consideration is how we approach cybersecurity. Should we rely on external consulting firms specializing in cybersecurity risks, or should we invest in developing in-house expertise? Budgeting appropriately for cybersecurity has historically been a challenge for many organizations. In the past, this aspect of IT infrastructure was often overlooked or underfunded, especially when compared to other technological advancements like EMRs and wearable diagnostics that have evolved significantly over the past decade. Now, that has changed. The financial investment required to protect our patients and our systems through cybersecurity measures is substantial but essential.
The return on this investment lies in safeguarding sensitive patient data, ensuring operational continuity, and mitigating threats effectively. It’s not just about allocating funds; it’s about implementing training programs for staff and establishing clear protocols to respond promptly to cybersecurity threats.
Securing Healthcare Systems Against Evolving Cyber Threats
In our day-to-day operations, we prioritize continuous training. Typically, we conduct quarterly training sessions where our system sends simulated phishing threats to our staff. This helps us gauge their readiness and ability to identify potential threats. We scrutinize details like email address authenticity, subject lines, sender names, and even the timing of emails—whether they arrive during working hours or after. These drills ensure that our team remains vigilant against potential threats that could compromise our systems.
I believe that most healthcare organizations, including hospitals, are actively implementing similar training protocols. Given the current global political situation and the risk of cyber terrorism, it’s essential that all our systems, including those in healthcare, banking, and military services, are strongly protected against threats. Healthcare, in particular, holds sensitive patient information that, if compromised, could lead to significant consequences. It involves not just financial and personal data but also potential Health Insurance Portability and Accountability Act violations if cybersecurity measures are inadequate. The more critical consequence is the risk to, or delay in, patient care that jeopardizes one’s life.
An important consideration is whether there are enough cybersecurity experts trained in the United States to meet the demand. Currently, expertise in this field seems insufficient. Many healthcare organizations, unless they are large systems, are likely to engage specialized consulting firms to reinforce their cybersecurity defenses.
I also believe it’s crucial for senior and executive leadership within healthcare organizations to collaborate effectively. There should be proactive collaboration among systems nationwide. We need to prioritize education at conferences for physicians, staff, and ancillary services to understand the full extent of cybersecurity threats—how they occur, how to address them, and their potential consequences. The more knowledge we have, the better we can grasp the seriousness of the situation and prepare accordingly. Emphasizing leadership education in this area is vital. We need leadership buy-in to ensure we protect our patients. Ultimately, it’s not just about safeguarding the organization’s reputation but also about protecting the well-being of our patients and everyone under our care.
Future of Cybersecurity In Healthcare
Looking ahead, I foresee increased partnerships shaping the future of healthcare cybersecurity. Organizations will likely forge more alliances, particularly with consulting firms. In healthcare, there’s a tendency to invest in these partnerships. This collaboration could involve bringing in cybersecurity consultants for annual system assessments and threat evaluations. It goes beyond just assessments; organizations will have options for shaping their cybersecurity strategies. They might opt for annual or biannual assessments, ongoing system monitoring, or regular staff training sessions.
These partnerships might also extend internationally, tapping into expertise from other countries where healthcare cybersecurity is well-established. The demand for skilled cybersecurity professionals in the U.S. might necessitate seeking out international collaborations. It’s essential to acknowledge that no organization is immune to cybersecurity risks. Continuous training and preparedness are crucial. Rather than reacting to incidents, our focus should be on proactive measures to prevent them from occurring in the first place.