Michael Hill, Acting Editor, Infosecurity Magazine
The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the education sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?
One sector that often seems to draw particular interest when it comes to information security is healthcare. According to BakerHostetler’s 2019 Data Security Incident Response Report, healthcare suffered the highest number of breaches compared to other industries in 2018. The Internet Society’s Online Trust Alliance also cited healthcare as the lowest performing industry when it comes to placing a premium on security and privacy in its 10th annual Online Trust Audit & Honor Roll.
What’s more, recent research from Malwarebytes Labs revealed that there are a number of malware types targeting the healthcare sector, discovering that more than 75% of the top five malware variants affecting healthcare are trojans.
The healthcare industry clearly faces significant challenges, difficulties and risks in its information security strategies, mostly due to its dependence on an extremely high number of vulnerable legacy IT systems that are still widely used, not to mention tight budgets and immense workforce numbers.
It was interesting to see, then, that despite BakerHostetler’s research suggesting that the healthcare industry suffered more data breaches than any other sector last year, most NHS trusts are yet to fully embrace digital patient records and so the vast majority of healthcare data is actually still paper-based and (in many ways) ‘safe’ from the countless cyber-risks that so often threaten digital information.
OpenText obtained data from a Freedom of Information (FoI) request, issued to 74 NHS Trusts across the UK, with 52 responding, discovering that just 12% of responding Trusts are fully digitized, with only 37% stating that more than half of their patient records are in digital format.
That’s despite the Government’s plans for a paperless NHS by 2020 to address the healthcare system’s lack of interoperability. What that suggests is not only that a lot of NHS Trusts have a great deal of work to do to reach that target (62% of Trusts have plans to digitize all patient records, with 21% planning to do so in the next two years), but also that there will be an immense amount of patient data moving from paper to digital formats in the near future.
On the one hand, that provides an opportunity to modernize a sector that has long suffered from outdated and slow processes, many of which were established 70 years ago when the NHS was founded. By going digital, the NHS will have the opportunity to ease the burden of managing complex interactions and data flows between trusts, systems and individuals, improving the quality of patient care and healthcare outcomes in the UK.
On the other hand, the issue opens up a whole host of data security and privacy risks. The digital transformation of the healthcare sector will pose a significant challenge for an industry that has always struggled to manage and maintain solid information security practices, so approaching it with an absolute focus on security best practices that have so often been lacking will be paramount.
The very last thing that the healthcare industry needs is another WannaCry outbreak, but with more and more of its data moving to digital environments that are rife with cyber-risk, the likelihood of such an outbreak will be even greater if the correct security processes, technology and training are not embedded from the very beginning of the healthcare sector’s digital transformation journey.