By Lee Kim, JD, CISSP, CIPP/US, Director, Privacy and Security, HIMSS
The most valuable part of the healthcare system is the patient. Patient safety is paramount in the healthcare sector. With the digitization of healthcare information, the free flow of information comes at a price. We need to be responsible stewards of healthcare information. Patients entrust us with their healthcare information and their lives. Those of us in the healthcare cybersecurity field have the unique task of protecting and securing patient information yet ensuring that the information is available on demand—especially when critical, life-threatening situations arise.
The Vulnerabilities of Healthcare Information Technology Systems team of the United States Department of Homeland Security/Office of the Director of National Intelligence Analytic Exchange Program (“AEP”) has developed a white paper and tip sheet (linked at the bottom of this post) on the topic of patient safety and cybersecurity. In this paper, our AEP team emphasizes the importance of patient safety and cybersecurity.
Patient safety and cybersecurity are unfortunately too siloed within many healthcare organizations. Patient safety professionals often lack an understanding of cybersecurity, and many cybersecurity professionals may not be well-versed in patient safety. As healthcare cybersecurity professionals, we need to connect these dots. In healthcare, actions do have consequences: cyber events have the potential to cause patient harm, and serious adverse events may occur.
The AEP healthcare white paper and tip sheet both serve as a call to action to the healthcare sector. We want to encourage stakeholders in the healthcare sector to exchange meaningful and relevant information about patient safety and cybersecurity with their peers. Cybersecurity professionals, patient safety professionals, and clinicians need to share intelligence on what is happening. Specifically, we need to learn from each other and make responsible and thoughtful decisions on how to protect and defend our information technology and operational technology assets. The patient should be at the center of healthcare, but not the focal point of a cyber-attack. We need to protect the most critical and valuable part of healthcare—our patients.