Health Care Information Security Risk Management

Health care Industry security deals with three main principles securing patient’s data, making patient’s data available and integrity of patient’s data. Health data has viable information like patient’s security number, credit card information and aliments pertaining to Patient health record. In such case data breaches can cause a significant loss. Apart from external source, there potential threat that can caused from computer malware function which can lead to wipe out of data, Infiltration hacking adding to it there’s something called phishing. Phishing can develop over access links generated in mails, by clicking link we can allow hackers to steal our data. Coping up with is challenging for health industry. Study shows that company’s, banking sector and health care industry are updating their there’s security tools, despite there is alarming trend in Cyber-attack, Year2017 witnessed 49% with use of Sophisticated tools and heavy infiltration. Appalling fact is hackers sell the patient’s data to black market. Researchers believe more than business stock, patient’s record is gold. Key information such as Insurance details, drug purchase and medical equipment all these loss is irreversible. Needless to say, health Industry over years has witnessed numerous of these incidences. This not only puts patient’s data in risk, company’s reputation is tempered long way. Nevertheless, Health industry can survive of this attack if they could embrace algorithms and tools available one such is encryption. Research aims to provide solution and strategy for current loopholes.

Risks faced by Health industry

Brief Information Risks and Threats in Healthcare is relating to patient’s data. Failure in providing confidentiality of data violation of HIPPA act. According to 2015 report, KPMG pointed out that “the healthcare industry is behind other industries in protecting its infrastructure and electronic protected health information (ePHI)”. Owing to it, there is exploit of Information assert. Although more of heath care risk are economically motivated. Non-economic motivated violation can be aroused by insider curiosity. For instance, worker accessing co-worker heath record. Some of healthcare lack the basic access control system, with improper security check in anybody can virtually break in and have access to logs or Hospital blueprint. It’s best advised for administration to make budget to incorporate fingerprints and smart-cards. “Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers” (Khan, Sayed, Hoque. 2016). However, most of hospital don’t have knowledge on IT infrastructure. They fail to have precise picture on network. Improper tracking and reporting can inevitably slow down updates. Updates should be received from main server to every system connected in network is necessary. Gaps in updates, can slow down system and weakness the firewall. Needless to say, every printers, Portals and nurse stations communicating with each other which be easy target for hackers. Following which can led to data beaches. Another major case is disclosure information or condition accidentally through email. On the other hand, another threat identified is systemic threat which usually motivated by work with help of insiders with privilege of access privacy. Hypothetically, patients denied of medical assistance with medical condition with help of insider they tend to modify medical code and apply for service.

Role of HIPPA in Health Care Industry

United States Congress was introduced HIPPA (Health Insurance Portability and Accountability Act in 1996, it also is known as a Kennedy–Kassebaum Act (Kennedy Act). This act has 5 different titles. First in line, HIPAA protects health insurance coverage this particular act is applicable for citizens who lost their jobs or change of gap duration of the time this citizen and his families can benefit it. Second is, Administrative Simplification (AS), this applies to people who are the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. Third in line, Pre-tax medical spending accounts followed by Group health plans and finally Governs company-owned life insurance policies. Health Insurance Portability and Accountability Act(HIPAA), is a benchmark for accessing and implementing health data. It’s more like a disciplinary board for protecting and monitoring health care data and Survey shows health care industry and ecommerce are rapidly prone to data breaches. Medical data is like hot cake in black market and sells faster than credit card information because of wide details it possesses like patient’s SSN, Insurances policies numbers, tax filling forms, since credit card theft can be void by bank. Medical theft however has strong impact. Instances, show there is a significant breach in web portal hospitals(ePHI) this resulted HIPAA to evaluates weak factors, threat that can impose penalties on companies and urged them to work on countermeasures. Simple HIPAA policies include basic Health Plan, covers cost of patient’s bills as per layout conditions. Core of it is, Health Care Clearinghouse most important procedure in medical insurance is processing for claims. In this scenario, software creates a file claim and sends to billing warehouse, after rounds of inspection establishes secure connection and sends to buyer. Digital transmission of e-claims over mail can subject to wide range of threat. With ecommerce and finances targeting customers easy, health care industry also adapting customer oriented like generating E-payment, health monitoring, online consultation and e-prescription. Incidentally, Idea of health bank, first conceptualized in Ramsaroop and Ball (2000) this platform stores and exchange patient health records patterned after a personal banking system where consumers could deposit and withdraw information. Recent launches of Microsoft ‘s ‘Health Vault’ and ‘Google Health’ are examples of such health banking systems. This application is likely to cause risks. Need for HIPAA has increased more recent year than much before.

Case studies in Health industry

Data is assert, to any industry. Fundamental idea of any organization is to veil data. Data exposed can be severe threat not just for company but it’s clients. Recent Study shows Health industry security is hitting bottom. However, there are many reasons on why data breaches occur in Healthcare. Some of incidents include Hacking, Unauthorized access, Physical loss/theft of record and unencrypting. On contrary, plenty of hacking incidences are uprising, inspite of companies hiring a stand-alone team to work on threads. Sharing data across platforms could ignite risks factors. Sophisticated techniques involving consolidation of health records to a single research database, can mitigate risks.

With ecommerce and finances targeting customers easy, health care industry also adapting customer oriented like generating E-payment, health monitoring, online consultation and e-prescription. Incidentally, Idea of health bank came into shape with Ramsaroop and Ball (2000) this platform stores and exchange patient health records patterned after a personal banking system where consumers could deposit and withdraw information. Recent launches of Microsoft ‘s ‘Health Vault’ and ‘Google Health’ are examples of such health banking systems. This application is likely to cause risks. Recent cases of data breaches, comes IT health giant Anthem. Numerous enrollment in health plan policies has put patients record in vulnerability spotlight. Patients sensitive data such as credit card SSN, Address is soft target. Making matters worst, company has detected ‘phishing’ happened technique that generates spam across emails user accessing, hacker can capture data. However, Company later has adopted serval complex access control techquies such as RFID’s, facial recognition and digital signature. Second case, notorious health chain Life Bridge. This Health care system is infected with virus, that attacked EMR server exposing serval patents registration details at risks. Reports showed that company has provided compensation and addition to it started call centers addressing issues and offered monitoring to customers. Bottom-line, risk Management has to evolve to assure safety of company.

Good thing is there is best practices available in market to make data less available. Encryption is one such practice. Only with help of decipher key data will be available only authorized source can access data. Including encryption there is other strong mechanism like adopting digital signatures, algorithms, passwords to make it secure. Although, verification and authentication are primary source of authentication. Industry has to ensure it adopts strong security framework and train its employers to inherent best strategy. Theirs is serval instances which proved weak firewall set up can welcome infiltration. Admin has to monitor to make sure stand-alone VLAN’s are created. Another prime fact, industry must make sure all drivers are frequently supervised and back up so that incase of any natural disaster or human negligence potential data is not wiped out. Many organization are adopting use of proprietary formats to store information of patients. Complex data halts disclosure to other key policy providers. In research study reveals Walker et al. (2005) empirically argued that investing in EMR interoperability and establishing a health information exchange could save the industry $77B annually. Nevertheless, Data Interpolation is a an advantages with serval control measure and strong policies data becomes secure. Thanks, to recent awareness some of analytical tools that technologies have come forward to offer best support. For instance, In Big data technology one can “analyze any kinds of data from the system level to detect any kind of malicious act or intrusion detection” (Raghupathi. 2014).

Conclusion

Healthcare industry has become easy targets for Infiltration. Over a decade there is a growing security concerns. As mentioned earlier, patient data is rich with all sorts of information needed to cause irreparable damage. Potentially, there is need to reinforce policies to make sure patient’s data if involved if with any malpractice got to be heavily penalized. Apart from this Web portal maintained by health care has been reported in serval case studies easily attacked by hackers. Main responsibility has to be taken by Organization giving proper training and awareness about Infrastructure. Nevertheless, should make sure employers practice encryption to mitigate data beaches risk. Adding on, firewalls updates has be supervised at regular periods to make sure there is no potential gaps between server system and user system. We have witnessed sophisticated use of access control mechanisms like RFID’s smart cards and biometrics can help safe authorization of entry. Health IT administrations has to be employed to ensure lowest level of security is also well implemented like protections system with combinations of passwords, updating software patches incorporating algorithms to keep risk at bay.