Securing the hospital network
It is now on the region’s healthcare providers to not only ensure their networks are secure, but also to show patients just how safe their data is.
At GITEX 2013, His Highness Sheikh Mohammed Bin Rashid Al Maktoum, Vice-President and Prime Minister of the UAE, and Ruler of Dubai, outlined a long-term vision for a Smart Healthcare Model. As part of the model, hospitals across Dubai would begin the journey towards digitisation, with the end-result being that all hospitals in the emirate go completely paperless. In February this year, the Dubai Health Authority (DHA) announced that 96.7% of hospitals in the emirate have started the process towards a paperless environment, with the hospitals judged on an EMRAM (Electronic Medical Record Adoption Model) score, which starts at 1, and goes to 7 for completely paperless.
According to Dong Wu, president of Huawei Enterprise Middle East, this wave of digitisation is all part of Dubai’s drive to become a smart city. Indeed, he says, while smart offerings are becoming widely publicised across other verticals, it’s important to note the leaps and bounds that the healthcare industry has experienced on its path to digitisation.
“Alongside the wider Smart City discussions that are happening at a government level across the Middle East, the healthcare industry is one vertical sector in particular that is beginning to identify the significant patient and business benefits that come from a digitised infrastructure. Under national smart city initiatives, government ministries across the region are encouraging private sector organisations including those in the in the healthcare industry, to align with their visions for a better connected world,” he says.
“In order for hospitals to align with smart city plans they need to leverage ICT to improve their operational and management efficient and lower their operating costs to ensure people’s health while contributing to sustainable social development. Digital hospitals focus their development on how better to serve patients. These smart hospitals are based on digital hospitals and require a number of new medical applications to serve patients, such as network services, mobile healthcare, remote healthcare and health management.”
Unfortunately, the implications for moving towards the digital healthcare model are far-reaching from a security perspective. Digital health records are valuable in a way that even financial records fail to be. After all, if a credit card is being used fraudulently, the end-user can cancel the card, and may even be compensated by his or her bank. Personal health data, however, is much more permanent, private, and as a result, needs to be treated with the utmost care. A consumer simply won’t stand for a health institution misplacing or losing their health data.
“The greatest challenges are the risks of security breaches and loss of confidential patient data. For example, the consequences of a breach of Personal Health Information (PHI) can be severe. Medical identity theft, the fraudulent use of someone’s personal identity to obtain medical services, prescription drugs or devices, is just one potential concern. According to a recently released study from the Ponemon Institute, from 2012 to 2013, medical identity theft increased by 19%, with more than 300,000 reported incidences,” explains Nat Pisupati, regional sales director for Identity and Access Management, HID Global.
Added to this, few business verticals put as much pressure on IT as the healthcare segment. After all, along with the standard business requirements for uptime and good performance, there is the added knowledge that any technological error could result in loss of human life. And this is particularly true across hospital networks. Slip-ups are simply not an option, meaning that securing the hospital network, from both outsider threats and from a business continuity perspective, is of paramount importance.
The danger outside
Unfortunately, cyber-attackers realise the importance of personal health data as well as healthcare institutions do. And according to Maher Jadallah, regional sales manager for Cisco’s Global Security Sales Organisation, things are made worse by hospitals’ willingness to adopt new technologies. He warns that, in the desire to be cutting-edge, it can often be too easy to overlook the security aspects of a hospital infrastructure.
“Today’s dynamic computing environment in the Middle East has become the Wild West in a lot of ways — new devices, operating systems, applications, and the cloud. This creates new attack vectors for the bad guys. Yet not all customers can envision the danger associated to what hackers can do their records, such as changing medical results or for VIP customers, even sharing information with the media,” he explains.
“We believe that data security is very vital - for any organisation that uses information technology to operate, regardless of the industry, but especially healthcare. IT managers are now acknowledging the need for a more holistic approach — one that is scalable and addresses mobility, security governance, virtualisation and network policy management, in order to keep management costs in line while simultaneously providing optimal experiences and reaping savings.”