Whilst we embrace digital programs and solutions to innovate and support health system change, we must be aware of the ever increasing and inherent risks to health operations and the protection of health related data.
This roundtable explored the question: how do we balance innovation against risk?
We welcomed an international guest – Theresa Meadows, Senior Vice President and CIO at Cook Children’s Health Care System in Dallas Texas, and Co-Chair of US Department of Health and Human Services Healthcare Industry Cybersecurity Taskforce (Taskforce). Theresa provided perspectives on the question of significance and the current state of cybersecurity in healthcare.
Additionally, Professor Trish Williams, Chair and Professor of Digital Health Systems at Flinders University, aided Theresa and led the discussion focused on innovation and the digital change agenda within healthcare, which is the theme of this series. Finally, we were also fortunate to have Simon Eid, Country Manager ANZ for Splunk, who provided specific insights and industry trends in cybersecurity, analytics and the protection of data across industries including healthcare.
Cybersecurity in healthcare is becoming an increasingly important topic to all stakeholders in health involved in data collection and use. This includes, but is not limited to healthcare service providers, medical device manufacturers, health insurers, pharmaceutical companies, healthcare professionals, and individual patients. Risks posed include legal and reputational risks of loss of confidentially held data, operational risks for organisations whose networks can be effectively shut-down, and identity fraud risks with people obtaining health-related data. In the US, 45% of all hospitals and health service providers faced some cybersecurity threat last year. On the black market an individual medical record sells for $50 USD whereas credit card details sell for just $1 USD. A significant amount of these cybersecurity attacks are automated and originate from all parts of the world. “Ransomware is about making money” and health is an increasingly attractive area as we go more digital.
The roundtable discussion sought to provide an international update on cybersecurity in healthcare, in particular what the Taskforce in the US is aiming to accomplish, and to pose the question of how do we innovate and reform whilst dealing with increasing and more sophisticated cyber threats? The discussion focused on a number of key themes on governance, risk appetite, protecting and sharing information, organisational preparedness, using security as part of innovation, and thinking differently about data in healthcare.
A number of take-away points from the discussion were captured and can be found here to view the report.