Sometimes, working in IT security is like being a parent. You set rules to keep the people you’re responsible for safe, but still they decide to ignore you when your rules conflict with what they want to do. And then people (and organizations) get hurt.
This happens a lot with the different ways medical and IT professionals look at cyber security. IT’s main goal is to keep the organization secure, and doctors and nurses want to serve their patients to the best of their ability. If they think IT’s rules are keeping them from doing their job well, they find (potentially risky) workarounds. Their workarounds inadvertently threaten healthcare organizations and their patients’ private information, to the point that even Congress has taken note of the situation.
Tucked inside the US government’s $1.1 trillion budget bill is a provision called the Cybersecurity Act of 2015, and even deeper inside that is a very small section that addresses health IT security.
The struggle is (really) real
As we’re all acutely aware, health IT professionals have been struggling to secure their systems and their data. Because healthcare is a highly regulated industry, its CIOs and other IT leaders have prioritized security over usability. But, just like in every industry, healthcare professionals prize usability, and if their employer isn’t providing the tools they think will make their jobs easier and more effective, they start using their own smartphones, email accounts and cloud storage to share health information. This “shadow IT” is putting everyone’s healthcare data at serious risk.
And healthcare organizations know it. In our study last year, 63% of surveyed healthcare organizations said mobile devices are the weakest link in their enterprise security framework, and only 25% were very confident their data assets are protected from unauthorized access via mobile devices.
The trouble is, they’re not doing the right things to keep our healthcare data secure. And Congress, in the Cybersecurity Act, is telling the healthcare industry to fix it.
While the Cybersecurity Act is a small piece of the overall budget bill, it’s generated a lot of conversation – and controversy. Its stated goal is to govern cyber threat information sharing in order to keep our computer networks and devices more secure. Some praise it for its efforts to stop hackers, while others believe that it doesn’t do enough to protect privacy and may subject citizens to government surveillance.
Here’s what the Cybersecurity Act says specifically about health IT security:
“The Department of Health and Human Services must convene a task force to: (1) plan a single system for the federal government to share intelligence regarding cybersecurity threats to the health care industry, and (2) recommend protections for networked medical devices and electronic health records.”
Is a task force the best we can do?
Convening a task force is hardly a big stick, right? Task forces are usually slow, politically motivated and make recommendations that aren’t binding on anyone. I think it’s a (small) step in the right direction, and I’m glad they included the rampant problems with networked medical devices in the bill.
But I don’t think the healthcare industry can afford to wait for a government task force’s recommendations before making its moves, nor does it have to. We already have the technology to provide end-to-end security for healthcare data and communications networks, and there’s a lot of momentum around establishing the certifications needed to set the bar high on healthcare security.
Many smart organizations and people are working hard to fix healthcare security problems, and I believe BlackBerry, with its experience and cross-platform portfolio of enterprise solutions, is poised to become the industry leader. Consider what we already have to offer:
- BES12, Good Container and WatchDox deliver best-in-class enterprise mobility management (EMM) capabilities, including BYOD management and secure data and file sharing across all platforms.
- Good Apps, BBM Enterprise (formerly known as BBM Protected), SecuSMART and AtHoc ensure secure communication and collaboration, including secure voice calling and crisis communications.
- Good Wearables, AtHoc and QNX secure connected medical devices and other Internet of Things technology.
- VPN Authorization and Enterprise Identity, for single sign-on and multifactor authorization, provide secure identity and access management to make sure only the right people can access the healthcare system’s network.
The healthcare industry has unique challenges, including regulatory requirements, cost pressure, demand for ease-of-use and dependability, and BlackBerry understands how to meet them. That’s why healthcare organizations including Mackenzie Health, the US VA, Caprecom and Hiranandani Hospital have chosen to work with us.
As 2016 progresses, the pressure on healthcare organizations to solidify their IT and communications security posture will intensify, and BlackBerry stands ready with its best-in-class security solutions that also protect personal privacy, surrounded by world-class service and support.
Mobility offers enormous potential for delivering the best quality patient care, but there are a lot of issues to consider in creating a secure mobile healthcare strategy. Our new book, The BlackBerry Guide to Mobile Healthcare, is a great start. Also, visit BlackBerry Enterprise Webcast Central for archived webcasts on Why Home Healthcare Should Go Mobile, Clinical Collaboration and Hospital Staff Coordination and other topics of interest to you.