Cyber Security in Hospitals and Healthcare Facilities

“Early last summer, Chinese and Indian armies clashed in a surprise border battle in the remote Galwan Valley…Four months later and more than 1,500 miles away in Mumbai….Hospitals had to switch to emergency generators to keep ventilators running amid a coronavirus outbreak that was among India’s worst…those two events may have been connected — as part of a broad Chinese cyber campaign…”

In the ongoing tensions between India and China, cybersecurity has become a hot button issue. Recent reports suggest evidence of foreign malware targeting critical operations in India. Among other operations, Indian healthcare facilities are being perceived as key objects of cyber attacks. With the recent digitisation of operations, hospitals are particularly vulnerable to these attacks. In this background, this blog explores the sensitive nature of healthcare data, and suggests ways for hospitals to protect against cyber attacks.

PII and PHI

Healthcare data is sensitive as it deals with both Personally Identifiable information, and Protected health information. Personally identifiable information refers to data that could ‘possibly identify a specific person’. Examples include address and credit card details. Protected health information refers to ‘any information in a medical record created in the healthcare process’. This could refer to health information such as blood type and allergies. Arguably, PHI is even more sensitive to handle since it cannot be changed.

Incidents of Data Breach

The extent of damages done to hospitals can be reflected in incidents of data breaches. In July, 2015, UCLA health reported a data breach of the records of 4.5 million patients. Investigation revealed that basic encryption of medical data had not been carried out, which made the data vulnerable. As a consequence, ​​names, dates of birth, Social Security numbers, Medicare and health plan identification numbers as well as some medical information were exposed to hackers.

Measures for Protection

For effectively protecting the healthcare facilities from cyber attacks, we outline the following 1​

measures​ :

● Robust IT platforms: It is important for hospitals to have robust IT platforms with a strong application base. These applications should not constantly break down. If they do, they should be restored quickly.

  • ●  Responsible Planning: Hospital staff should carry out regular planning to review the risks posed to the systems. Anti-malware software needs to be installed and regularly updated. And if possible, data needs to be encrypted.
  • ●  Training and Awareness: Humans can make mistakes, and can err in judgement. For reducing the risks in decision making, regular training and awareness is a useful tool. Learn.MetahOS.com has a course on cybersecurity, which can be useful for hospital staff.In conclusion, increasing digitisation will expose hospitals and healthcare facilities to new risks. Healthcare facilities face extra responsibilities due to the sensitive nature of the information. For securing all grounds, strong technology partners can be critical.References:https://economictimes.indiatimes.com/news/defence/china-appears-to-warn-india-push-too-hard-and-the-lights-could- go-out/articleshow/81266286.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

    https://www.latimes.com/business/la-fi-ucla-medical-data-20150717-story.html

    Argaw, S.T., Troncoso-Pastoriza, J.R., Lacey, D. e​ t al.​ Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks. ​BMC Med Inform Decis Mak​ 20, 146 (2020). https://doi.org/10.1186/s12911-020-01161-7

Optimising Communication in Healthcare

In today’s world, several individuals are involved in a patient’s care journey. And all of these individuals constantly share information with the patient. Often, these micro-level interactions determine patient satisfaction.

Poor interactions could lead to dissatisfied patients. Pleasant interactions could result in satisfied patients. Consequently, for improving the patient experience, streamlining communications is essential. In this post, we present the advantages and disadvantages of different communication channels.

Type of Communication
Based on the nature of the interaction, communication can be classified as synchronous or asynchronous. Synchronous communication includes two way interactions such as telephony.
Asynchronous communication involves one way interaction such as text messages.

Synchronous Communication
In healthcare, telephones are commonly used for synchronous communication. They involve simultaneous interactions. However, telephonic interactions are known for regular interruptions. Due to these interruptions, individuals with a heavy workload could face problems in recollection. For example, a busy clinician could forget to take notes if he is interrupted often.

Asynchronous Communication
Asynchronous communication does not involve simultaneous exchange of information. This form of communication could involve SMS messages and whatsapp texts. Although asynchronous communication excludes the possibility of interruptions, it is ineffective in getting urgent messages communicated.

Conclusion
Given their advantages and disadvantages, healthcare facilities need to utilize both synchronous and asynchronous forms of communication. The communication channel can be determined depending on the type of message that needs to be communicated. Consequently, metahOS allows for both forms of communication to take place in a seamless and secure way. This helps in increasing patient satisfaction.

References:
Coiera E. Communication systems in healthcare. Clin Biochem Rev. 2006;27(2):89-98.