In a number of areas the threat to health sector personnel, information and other assets continues to increase. Patient record security is a case in point, but the risks don’t end there.
The security of electronic health records is particularly important in terms of the quality of patient care and budgetary efficiency; however, the implementation of electronic records faces significantly greater challenges ahead as the cyber-security threat environment evolves. This particular risk is amplified by research suggesting that in late 2015 the health sector was subjected to 340% more attacks than other industries, and was 200% more likely to encounter data theft. Moreover, because patient records usually contain other financial details (banking, insurance, etc.), health records were considered more than 10 times more attractive to steal than credit card details.
These are staggering statistics, and unless a 100% assurance can be given that all measures have been taken to address the known cyber-security risk within health IT systems, it is highly likely that many organisations will be subject to a successful attack in the future. Even if they do adopt all reasonable measures, a not insignificant element of risk is very likely to remain.
This may explain why 73% of organisations from various industries around the world, including health care, increased cyber security spending in 2017, up from 58% at the start of 2016, according to a more recent report by Thales.
Beyond cyber-security risks, hospitals, community and medical centres, and mobile assets represent some of the many other areas exposed to personnel and physical security risks. While varying actions have been explored and taken around the country to mitigate these exposures, patient and attendee aggression, and a poor record of reporting aggressive acts, are areas that continue to be of concern. So too are attitudes that exist within some parts of the community associated with behavioural expectations and respect for health personnel, and issues that affect consistent delivery of conflict de-escalation and incident response training to frontline staff.
The Agilient experience has been that related security initiatives tend to be compliance focused. This is possibly in the belief that government security policies, if implemented to the letter, address most of the problems arising from the above-mentioned and other risks. The truth is that they provide a baseline for security assurance, and that pro-active threat and risk management and mitigation is (explicitly) required to ensure that policies and standards are implemented in a way that best addresses organisational circumstances.
The challenge is thus to ensure that security risk assessments are not just viewed as a compliance exercise, but that they truly consider organisational context and propose pragmatic, implementable recommendations. The Agilient team has been involved with numerous health security initiatives within ACT, NSW and QLD Health sectors, including related work with many NSW Local Health Districts. We know first-hand how busy health stakeholders are, and how complex the efforts can be in achieving positive change; that’s why we are the health security experts.
If you need assistance in advanced health security risk management, or in a security compliance initiative, contact Agilient today for an immediate response.
The Agilient Team