Cybersecurity in healthcare: a challenge for data sharing
Information technology can transform many processes and is being used more regularly to improve agility and effectiveness. So it's no surprise that technology is also playing an increasingly important role in the healthcare sector, such as when registering patient data in medical records and electronic reports.
More recently, there has been a demand for "data portability", that is, for patient data to be digitized to facilitate migration between health plans. The idea is for the data to be available to any institution that provides care.
However, the development of information systems has not always moved at the same pace for all institutions, which is manifested in technical problems when it comes to sharing. Not all systems "converse" with one another.
This change will likely take place over the next few years through databases standardized by regulatory bodies or solutions created by specialized organizations.
This means that data will always be in a digital format, even if initially collected through strictly "analog" methods. As such, the security of healthcare institutions' information systems will become increasingly important.
The employee's contribution
The integration of digital health systems means that various essential data for patient care will be available digitally, such as prescriptions, allergies, previous procedures, and medications for continuous use, among others.
In addition, hospitals, clinics, and health plans are also organizations that rely on administrative departments, and, as in any other modern organization, these departments have already adapted (or are adapting) their routines to digital channels.
However, as their daily routines integrate with technology, we must be aware that they are also subject to the risks arising from digital security failures, attacks, and incidents.
Since many devices are connected, any employee can end up making a mistake or being tricked by an attacker into taking an action that leads to an incident. Phishing and malware are examples of this. Staying informed about attackers' tactics and how to avoid these scams is therefore a way of contributing to the safety of the institution and its patients.
Sharing and privacy
Although health data should preferably be standardized and made available to patients, the right to information privacy and confidentiality must also be protected.
There have been cases in which criminals use data from exams and procedures to deceive patients. They pose as hospital representatives to charge for services already paid for, covered by the health plan, or provided through national health programs. Today, these scams depend on health data systems being breached – often through attacks against the institutions' employees – but these cases may worsen as data integration evolves.
As a society, we are still finding our feet, but we cannot lose sight of the benefits that these changes may foster. In certain countries, such as Brazil, legislation already provides for authorization to share data for the benefit of the patient.
However, we need to be aware of the right to privacy and the need to pay attention to situations that could put this right at risk, especially when it is impossible to validate the authenticity of a request for information.
The evolution of platforms for sharing and storing patient data will increase the flow of information, which means that greater care will be required in handling this data. Information security, whether through specialists in the field or the contribution of each employee to risk prevention, will always be a pillar of support to ensure that this infrastructure remains dependable and accessible.