The Healthcare Cybersecurity Challenge: How to Keep ePHI Secure

The healthcare industry faces many challenges, but perhaps one of the biggest at present is how to keep electronic protected health information of patients secure.

Hackers are targeting healthcare providers for the data they hold, HIPAA-covered entities large and small are under attack, and the volume of cyberattacks is increasing at an incredible rate. New malware is evolving fast, employees are stealing data more frequently and worse still; the threat landscape is ever changing.

The Workgroup for Electronic Data Interchange (WEDI) Offers Assistance


The Workgroup for Electronic Data Interchange (WEDI) is a not-for-profit organization and a leading authority on healthcare IT security. One of the main aims of the organization is to help healthcare providers improve the quality of care provided to patients, while introducing efficiencies to drive down costs. One of the ways it achieves this objective is by offering guidance on improvements that can be made to healthcare information exchanges.

The organization was formed nearly 25 years ago by the Secretary of Health and Human Services (HHS) and it continues to offer Health IT advice to the HHS, and serves as an advisor to the department on HIPAA matters.

WEDI stakeholders include doctors, dentists, surgeons, hospitals, pharmacies, laboratories, health plans, healthcare clearinghouses, vendors and government regulators.


Perspectives on Cybersecurity in Healthcare Primer Released


Last month, WEDI released a new cybersecurity primer, “Perspectives on cybersecurity in Healthcare”. The purpose of the primer is to help CISOs, CIOs and health IT departments address the threat posed by hackers and malicious insiders. Today’s healthcare environment requires robust defenses and a constant watchful eye on networks and EHRs, but it is essential that security staff know where to look, and how to identify an attack when it occurs. The primer discusses some of the vectors used to attack healthcare providers and the best methods to employ to prevent attacks from being successful.

The primer is broken down into three key sections: The Lifecycle of Cyberattacks and Defense; The Anatomy of an Attack; and Building a Culture of Prevention.

Devin Jopp, Ed.D, president and CEO of WEDI, said “Between 2010 and 2014, approximately 37 million healthcare records were compromised in data breaches… but in the first four months of 2015 alone, more than 99 million healthcare records have already been exposed through 93 separate attacks.”

He pointed out “The risk of cyberattacks is no longer limited to the IT desk – it is a key business issue that must be addressed by executive leadership teams in order to build that ‘culture of prevention.”

The cybersecurity primer can be downloaded here.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.