Cybersecurity Not Always Top Priority as ASCs Move Toward Digitization

^{Ambulatory surgery centers must prioritize cybersecurity.}

As healthcare becomes increasingly digitized, many ambulatory surgery centers (ASCs) find themselves playing catch-up due to obsolete technology and inadequate cybersecurity. Although most ASCs now use electronic practice management solutions, the industry has been slow to adopt electronic health records (EHRs). Although that is beginning to change, there remains a lack of awareness and understanding of cybersecurity issues and best practices for EHRs.

Whether an ASC is considering changing its practice management vendor or deploying an EHR, cybersecurity is rarely a top priority. The cost of the system, the system’s features and functionality, the customer service reputation of the vendor and the potential return on investment often take priority over cybersecurity concerns.

>> READ: 5 Data Breaches That Show How Cybersecurity Must Evolve

However, some basic characteristics of software solutions can have a significant impact on an ASC’s cybersecurity posture down the line. That is why it is important to consider the cybersecurity implications of each solution when researching options. The following three characteristics of ASC solutions, in particular, can have significant effects on an ASC’s overall cybersecurity:

1. Contrary to popular belief, cloud-based software can actually enhance an ASC’s cybersecurity posture.

A common misconception is that if an organization owns its server, and it is located within the organization’s local facility (a.k.a. “on premise”), it is not as vulnerable to attack. Actually, any server that is connected to the internet is vulnerable to hackers. A company that makes its business operating in the cloud is going to apply more human resources, knowledge and advanced technology to cybersecurity than a surgery center can typically afford and apply on its own.

The big companies that provide data centers and cloud services have staff dedicated 24/7 to monitoring and responding to intrusion attempts. They employ state-of-the-art firewalls. They have physical security protections in place, such as bulletproof glass in the facility and biometric security restricting access to shelves, racks and servers. For all of these reasons and more, it is likely that cloud-based deployment will improve an organization’s cybersecurity posture.

2. What’s behind the curtain — the technical architecture — can have powerful implications for cybersecurity.

The technical architecture of a software solution may be the last thing a small ASC is interested in, but it can have a big impact on the security of patient data. Modern software relies heavily on the use of published libraries and frameworks, either commercial (licensed) or open-source (free). This is especially true of the security-related portion of an application: The code is complex and requires highly specialized knowledge of protocols and algorithms.

Even with the best developers, writing bug-free code is nearly impossible (witness the endless stream of daily or weekly security patches). That is why, as part of your due diligence as a software consumer, you want to be assured that your application is built on security libraries that are widely used in the industry, have a proven track record and are actively supported by a deep team that can quickly respond to constantly evolving security threats.

3. Natively integrated software suites reduce the need for interfaces. Reducing system complexity can also decrease cybersecurity vulnerabilities.

When available, consider deploying natively integrated applications offered by solutions vendors. Using natively integrated software suites reduces complexity and costs by eliminating the need for interfaces. The more moving parts you introduce into the healthcare technology equation, the more vulnerabilities you introduce into the system. Increased complexity means more opportunities for cyberattacks. Maintaining cybersecurity for interfaces is an added risk to IT resources that are often overburdened.

As the saying goes, “An ounce of prevention is worth a pound of cure.” Considering the cybersecurity implications of ASC software options before committing to specific solutions can have a substantial impact on an ASC’s cybersecurity risk post-implementation.

Get the best insights in healthcare analytics directly to your inbox.

Related

WannaCry, NotPetya and Cyberwarfare’s Threat to Healthcare

Judge Upholds $4.3M Data Breach Fine Against MD Anderson

Amazon’s Alexa Really Isn’t Ready for Healthcare