Cybersecurity for Health Data

Interconnection between the whole healthcare chain has become a reality, and concerns about patient and company data regarding R& have grown. To date, technology is present in all aspects of the healthcare industry, from supply manufactures to Electronic Clinical Records (ECR). The growth of cyberattacks in healthcare can be reflected on the hacking attempt complaints pharmaceuticals have issued regarding COVID-19 vaccine developments.

Where can cybersecurity for healthcare take place? HIMSS reports that many healthcare organizations have various types of specialized hospital information systems such as: ECR systems, electronic prescription systems, practice management support systems, clinical decision support systems, radiology information systems and computerized physician order entry systems. In addition, , thousands of devices that comprise the IoT must be protected as well. These include smart elevators, smart heating, ventilation and air conditioning (HVAC) systems, infusion pumps, remote patient monitoring devices and others.

According to Becker’s Hospital Review data breaches cost the health care industry approximately US$5.6 billion every year. The Breach Barometer reports that cyberattacks affect more than 27 million patient records every day.

Jesus Diaz, CIO at CHRISTUS MUGUERZA (CM) explained during an interview with MBN the importance of vcybersecurity in a hospital chain such as CM. Diaz says that fully digital hospitals interconnect every process of the facility, including full control of internal processes. “For instance, in the case of a medication process, this would mean knowing the providers involved in the medicine supply, the moment when medicine is given to the patient, the treatment of that patient and the reactions it caused.” Moreover, Diaz explained that it is important to note that being a digitalized facility does not mean more vulnerability to cyberattacks. “Having digitalized tools is different than having online information. Online information generates awareness and this can lead to possible cyberattacks. However, having information online has become necessary because patients want to access their information and doctors need to consult their patients’ progress in case both parties cannot meet.”

Companies in Mexico do this to protect their information, however, regulations in the country have a long road ahead in order to establish ideal cyber security norms. More recently, NOM-024 added a new chapter that included cybersecurity. The federal government is building a digital healthcare ecosystem in Mexico, nevertheless, an open dialogue and communication between all entities is still needed to make this happen. The goal would be that all products that generate digital health information follow accepted standards. Diaz says that the industry is still on the process of forming a health-tech association to reach legislative authorities, however, “gaps have stopped the Mexican healthcare sector from fully digitalizing because of a lack of regulatory processes.”

In the meantime, companies such as 1DOC3 base their cybersecurity standards on the Health Insurance Portability and Accountability Act (HIPAA) quality model to protect data. During an MBN interview with Juan Camilo Garay, Country Manager of 1DOC3 he mentioned that the norms in Latin America are not there yet, which is why they are following other models used in different countries. “US model HIPAA helps us guarantee that user data is safe and protected. This is an obligation for any telemedicine provider,” said Garay.