Network Infrastructure

An eBook developed by Equinix and HIMSS examines evolving healthcare needs under the "new normal". 

A study published this week in the Journal of the American Medical Informatics Association found that hospitals with low cybersecurity ratings were more likely to experience a data breach.   The research, which also compared hospital cybersecurity ratings with Fortune 1000 firms, found that health systems remain statistically more vulnerable to botnets, spam and malware.   "Recent hacking and ransomware attacks may be shifting the security landscape for hospitals, with much larger potential hospital and patient consequences," wrote University of Central Florida's Sung Choi and Vanderbilt University's M. Eric Johnson in the study.   "Ongoing risk assessment is needed to keep up with these threats and will likely require even further security investment," they added.   WHY IT MATTERS   First, Choi and Johnson compared longitudinal cybersecurity risk ratings from BitSight of 594 hospitals with the ratings of 971 Fortune 1000 firms over the course of five years. (A disclosure notes that Johnson served as an early-stage advisor to BitSight and holds unexpired options for his involvement with the firm from 2012 to 2013.)   They found that, overall, hospitals had significantly lower security ratings than the Fortune 1000 firms from 2014 to 2016 – but the gap narrowed over time.    By 2017 through the end of the study period in 2019, that difference was no longer statistically significant.   "The reduction in the gap in security rating suggests that healthcare providers are catching up to the general cybersecurity performance of large, publicly traded firms," read the study.   However, that catch-up has not been consistent across the board: When it comes to measures of vulnerability against botnets, spam and malware, hospitals have improved but are still lagging behind.   Choi and Johnson also compared the cybersecurity ratings of hospitals that had experienced a data breach with those that had not.   Perhaps unsurprisingly, hospitals with low security ratings were associated with significant risk of a data breach.   "Hospital executives should work to reduce risks related to both technical security controls such as updated software and security applications, along with human vulnerabilities that can be addressed through enhanced training and overall security culture," observed Choi and Johnson.   THE LARGER TREND   Although hospitals and health systems certainly aren't alone when it comes to being targeted – recent attacks on pipelines, meat processors and government agencies make that clear – the potential risk to patient care means their incidents often make major news.   Recently, Scripps Healthcare experienced a weeks-long network shutdown following a ransomware attack – only to then face a series of lawsuits from individuals saying the health system should have protected their data better.   ON THE RECORD   "Policy makers should monitor the risk to the healthcare sector and provide incentives for hospitals to invest in risk management and overall information security," said Choi and Johnson in the JAMIA study. Kat Jercich is senior editor of Healthcare IT News. Twitter: @kjercich Email: kjercich@himss.org Healthcare IT News is a HIMSS Media publication.

The pandemic has accelerated the development of connected health models, and digital transformation is bringing the smart hospital closer to reality. All it need, says Huawei senior business development manager for Western Europe Simone Pretti, is the right infrastructure.

Every health facility in the Kingdom will reportedly have a dedicated page on the platform, allowing to track applications, reports, license validity, and any violations.

In a HIMSS21 session, two experts will weigh in on the importance of using holistic frameworks to shore up cybersecurity.

"Healthcare IT leaders need to understand the broad range of technologies at use across a hospital and assess which of these systems and machines they would detect attacks against, and where they would be blind."

In advance of his appearance at HIMSS21, Admiral Michael S. Rogers, who also served as commander of the U.S. Cyber Command, says the government and private sector must work more closely and collaboratively.

The HIPAA-compliant system that works on most devices is, among other things, enhancing the way clinicians can provide patient care.

A deputy chief information security officer offers a comprehensive checklist for infosec leaders, helping ease the daunting task of talking cybersecurity with health system leadership.

Health system CIOs are reducing their tech footprint and consolidating their IT systems for agility and efficiency. For digital health startups to succeed in this space, they must get three factors right: cost, scale and quality.