Blog

Rhapsody Health Solutions Team

How the top 10 cybersecurity concerns impact integration and interoperability

Session 139 at HIMSS 2018, 10 Challenges in Managing Medical Device Cybersecurity, reviewed the top 10 technology hazards in healthcare IT for 2018 released by the ECRI Institute. While the focus of the presentation was geared towards medical device security, many of these challenges exist for integration technologies as well.

Patch management

Not surprisingly, patch management was near the top of the list. Patch deployment can directly impact patient care if patches to the most recent threats are not deployed in a timely fashion. This requires a patch deployment strategy, with regular patching processes in place. Patch implementation must evaluate clinical care impact – ideally vendors will have solutions to allow patching with little to no downtime. In addition, having a process for critical patching with no downtime is essential as well. Corepoint Integration Engine’s high availability feature, Assured Availability, ensures that no data is lost during planned or unplanned downtime.

Upgrading

Also near the top is the necessity to keep legacy technologies secure. This can be a big challenge because technologies designed five years ago likely did not place a premium on security. Ideally, vendors allow for upgrades that are not disruptive to clinical workflows. However, if upgrading is too difficult or even not possible, the security risk must be weighed against the clinical need of the technology.

From an integration standpoint, a non-functioning integration engine can bring down all the data flow in a health system if it is not updated and secured properly. Read: Improve PHI security using a modern interface engine.

Server management

In addition to securing the application, providing proper security for the servers they run on is just as important. It is important that the application run on operating systems that are still being updated for the latest security attacks. It is also imperative that the application be compatible with antivirus software protection. Ideally, a virtual environment would be preferred over a physical requirement, thus simplifying server management.

Remote access

If remote access is required for support, maintenance, or analytics it can provide a security hole to the server and application. Unsecure external communications should be strictly avoided. This would include default service passwords and unsecured transports. Remote access should be limited to VPN or encrypted transports such as TLS, and passcodes should be temporary or have an expiration.

Security was more widely discussed at HIMSS18 than in previous years. Recent ransomware attacks have certainly contributed to the growing emphasis on security. Providers and application vendors must stay on top of the latest technologies and processes to keep patient data safe and available.

These are four of the key challenges discussed in the session as they apply to integration technologies.

Related Blogs

Natalie Sevcik

Congratulations to all award winners recognized at HIMSS24

Congrats to all the HIMSS award winners who are making global healthcare safer, more efficient, more equitable, and better for all populations.

Read more
MATCH IT

Drew Ivan

MATCH IT Act means better patient matching and safer, higher-quality care

The current Patient Matching and Transparency in Certified Health IT Act (MATCH IT Act) legislation focuses on improving person matching and data sharing throughout healthcare.

Read more

Lauren Usrey

Assessing the buy vs. build decision

Cameron Kerber of Monogram Health shares how his team made the decision to invest in a best of breed enterprise master person index rather than build the technology in house.

Read more