Providers are, in many cases, getting the equivalent of a Russian nesting doll of third-party risks whenever they acquire a complex new technology solution. Cybersecurity supply chain risk management is the process of identifying and mitigating potential risks that may arise from these third-party products and services within an organization's IT infrastructure.
Healthcare technology has evolved significantly in recent years. For example, electronic health record systems, clinical information systems, patient portals, and electronic billing systems are commonplace today. New solutions leveraging machine learning and artificial intelligence are transforming how we diagnose and treat disease. Telemedicine networks connect patients to doctors and specialists across the country, and nanomedicine has the potential to revolutionize treatments for cancer, diabetes, and many other conditions.
Just like the digital technologies that preceded them, these new technologies bring new security risks that organizations must address to protect patients and their data. The authors of HIPAA predicted these risks two decades ago, leading to the implementation of the HIPAA Security Rule. The Security Rule continues to provide the security framework by which healthcare providers and their business associate partners must abide when implementing and operating systems that create, receive, maintain or transmit electronic protected health information (ePHI). However, simply asking a third party to sign a business associate agreement promising to abide by the HIPAA Security Rule requirements is no longer enough to manage the associated risk of adopting current and emerging technology solutions.
As the speed and scale of positive impact increases with new technology, so does the potential harm.
The Department of Health and Human Services’ Health Sector Cybersecurity Coordinating Center (HC3) recently issued a threat brief regarding the security risks of the most promising emerging technologies impacting healthcare. On the list of emerging technology, HHS HC3 included artificial intelligence, 5G cellular, nanomedicine, smart hospitals, and quantum computing and cryptography.
We are particularly concerned that a vulnerability in technology may ultimately result in loss of life. Unfortunately, all the technologies listed in the HHS HC3 threat brief could fall into that category.
Click here to continue reading.
About the Author
Follow on Twitter Follow on Linkedin Visit Website More Content by CynergisTek, Inc.
