Technology in Healthcare: The Impact of Security Issues in Healthcare

Blog Banner

It’s right there in the Hippocratic Oath, the code of ethics doctors and physicians have been upholding when delivering healthcare since around 400 BC:

  • “And whatsoever I shall see or hear in the course of my profession…if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets.”

Protecting patient privacy sits alongside primum non nocere (translated from Latin as “first, do no harm”) as a core tenant of healthcare. So, it’s somewhat surprising to learn from the latest SOTI industry report, A Critical Investment: Taking the Pulse of Technology in Healthcare, that 70% of organizations have experienced a data breach or leak since the onset of COVID-19.

Legally and ethically, healthcare organizations and providers have a duty to secure patient information. Yet, it’s becoming more of a challenge to do so, which means it’s becoming more of an area of concern.

Why is that and what can be done about it?



Healthcare Security Challenges: A Business-Critical Issue Becoming More Critical

The cost of a healthcare data breach is nothing short of devastating:

These costs can be measured in dollars lost or records impacted. In theory, they can be recouped or recovered.

Then, there’s the reputational damage to a healthcare organization, which is nearly impossible to quantify. Approximately 60% to 80% of data breaches go unreported, and 39% of healthcare organizations discover a breach months after it happens. The moment a security breach occurs, it’s already an uphill climb to regain trust from the impacted victims. Not knowing about it for months or never realizing it at all? There’s almost no way for a healthcare organization to recover.

It's a dichotomy. According to the SOTI 2022 healthcare report, 86% of healthcare IT professionals worry about patient information being revealed, lost or stolen. Conversely, 80% of healthcare organizations admit to not having completed a cybersecurity drill with a response process.


More Technology Means Better Patient Care…and More Healthcare Security Challenges to Face

Perhaps no industry was forced to adopt to the pandemic more than healthcare. Besides frontline healthcare workers’ heroic efforts in keeping patients safe and healthy, healthcare IT workers had to implement new technologies in a short amount of time. From A Critical Investment: Taking the Pulse of Technology in Healthcare:

  • 64% of healthcare settings have started to explore synchronous IoT/telehealth medical devices since the start of COVID-19

  • 49% have invested in mHealth wearables for specialized health services, which feed into patient records

  • 50% deployment of RFID (radio-frequency identification) devices globally since the pandemic

No doubt, these new technologies have contributed greatly to patient care and perhaps have even saved lives.

For 11 consecutive years, healthcare paid more for data breaches than any other industry. It boils down to more devices and more endpoints also meaning more opportunities for hackers to steal patient data, which can be up to 40 times more valuable on the black market than credit card data (one simple reason is that credit cards can be cancelled, whereas patient records cannot).

As such, only 11% of patients trust organizations with their data.

Connected medical devices seem to be most susceptible to attacks:

There are more lifesaving tools and technologies available than at any other point in history. Conversely, according to the report, 57% of IT professionals believe patient data security is more at risk than ever before.

The technology isn’t going anywhere, and neither are the potential threats. Where does the industry go from here?


Meeting Healthcare Technology Challenges Through Education and Resource Budgeting

The SOTI 2022 healthcare report determined that a staggering 70% of organizations have experienced a data breach since 2020. The sources of these leaks may not be what you think:

Healthcare organizations are taking a two-pronged approach to tackling these threats.

The first prong is education via security awareness training, such as identifying potentially harmful emails and safe surfing behaviors while following compliance procedures. In the SOTI 2022 healthcare report, 73% of organizations provide data security training to all staff handling patient data.

The second prong is resource allocation. According to the report, 73% of healthcare IT functions said their organization increased its annual technology spend since 2020. However, 46% agree their organization is not spending enough on patient data security.

Over half (52%) of healthcare workers receive security awareness training on a yearly basis. Conversely, the healthcare industry invests less than 6% of its budget on cybersecurity.

Organizations are investing the time, but not necessarily the dollars, required to protect patient data.


What's Next?

When the Hippocratic Oath was first written around 400 BC, its author Hippocrates could not have envisioned the state of healthcare in 2022.

In fact, there’s a movement to update the Hippocratic Oath for the 21st century to include responsibilities on allowing patients to determine how their data is used, making healthcare easier to access, understand and use and, of course, protecting patient information.

In medical terms, healthcare organizations must “increase the dose” in terms of technology used to treat patients and the training and tools needed to secure the data it collects.