Device Vulnerabilities: A Blind Spot for Healthcare


Posted on: October 18, 2019 by Heather Haugen

Security breaches in healthcare organizations continue at an alarming rate impacting their reputation, productivity and financial health. In May, nearly 2 million healthcare records were breached across 44 organizations. Beyond the obvious risk to patient privacy, the CIOs cited the significant decrease in organizational productivity as a chief impact of these breaches. The financial punch is staggering when you consider that the average cost of a healthcare data breach in the US is $15M.

With eroding margins, the business simply can’t afford a breach of any size. Yet, electronic health records remain the target for cybercriminals because of their value on the black market.

In 2018, Health and Human Services issued cybersecurity guidelines for the healthcare sector. The publication, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, provides voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.

The guidelines provide important insights, best practices and guidance from over 150 cybersecurity and healthcare experts from industry and the government.  This important guidance lays the foundation for how we approach security across the entire healthcare landscape.

The work done by HHS highlights an additional area of vulnerability in healthcare. Connected medical devices like pacemakers, insulin pumps, magnetic resonance imaging (MRI) and computerized tomography (CT) machines and patient monitoring systems are deeply integrated into the clinical workflow and represent a new access point for hackers. These technologies can be exploited to gain access to personal patient data or render entire hospital systems inoperable.

The need for better endpoint visibility and control is a blind spot for many healthcare organizations – lacking an affordable and effective approach.

Atos delivers comprehensive security technologies and processes globally to retail, energy, education, hospitality, manufacturing, financial services, healthcare and government sectors. Our methodology provides the flexibility and expertise to help clients develop both effective and affordable security solutions.

5 recommendations to strengthen healthcare organizations against hackers:

1.       Develop stronger end point protection systems

2.       Train your teams on email protocols to ensure your systems are effective

3.       Create a process for collaboration between facility (owners of the medical devices) and information services/technology (owners of the network and applications) for your IoT security strategy

4.       Examine your incident response practices and practice them

5.       Evaluate your cybersecurity policies and procedures.

6.       Ensure systems are properly patched.

The risk of a security breach continues to increase for healthcare organizations, placing tremendous pressure on healthcare leaders to ensure they have a solid foundation of security and the insights needed to manage vulnerabilities within IoT into the future. As we consider the value of protecting patient data, Atos has both the breadth and depth of industry expertise in cybersecurity. Patient’s deserve the peace of mind from having their identity and personal information secured.

Share this blog article


About Heather Haugen

Chief Science Officer for Digital Health Solutions for Atos and member of the Scientific Community
Dr. Heather Haugen has deep expertise in health information technology and a passion for research and the application of those outcomes to the challenges that currently exist in healthcare.  She is the Chief Science Officer for Atos in their Digital Health Solutions division.  Prior to her current role, she was the Managing Director of The Breakaway Group, A Xerox Company.  She has served in research, development and information systems leadership roles. Her past roles have led to a unique mix of experience, including conducting rigorous research, leading development efforts based on research outcomes, and leading and developing top-performing teams. Haugen has more than 20 years of research experience in both the academic and private sectors. Her research and methodology is published in her latest book, Beyond Implementation: A Prescription for the Adoption of Healthcare Technology, which is the second edition and a National Bestseller.  Dr. Haugen holds a faculty position at the University of Colorado Denver- Anschutz Medical Center as the Director of Health Information Technology, where she actively mentors doctoral students and teaches courses. She is also the author of Beyond Implementation: A Prescription for the Adoption of Healthcare Technology.

Follow or contact Heather