Protecting healthcare from cyber attack
21 December, 2017
category: Corporate, Digital ID, Health
By Mollie Shields Uehling, President and CEO, SAFE-BioPharma Association
Over the past few years almost 180 million Americans have had their healthcare records stolen. Our ubiquitous reliance on user names and passwords is the leading cause of these massive cyber thefts. Another term for it is weak identity trust.
The same can be said of breaches at credit companies, retailers, search engines, financial services companies, etc.
But breaches in healthcare are different.
At one level, purloined healthcare records are more valuable on the darknet than other personal data.
At another level, disrupting healthcare delivery has the potential to cause catastrophic results. Accordingly, Presidential Policy Directive 21 identifies healthcare as one of 16 critical infrastructure sectors having “…assets, systems, and networks, whether physical or virtual, … so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
Yet far too little is being done to protect patient records or to correct the gaping vulnerabilities in healthcare in general.
Currently, individual organizations have their own parochial identity trust requirements. They work within their organizations but not outside of them. It’s the equivalent of a phone number recognized in California but not in New York.
Alternatives exist in the form of standards that specify how identities are to be checked before cyber credentials representing those identities can be issued and used. For example, U.S. Government agencies and the European Commission created identity standards as a way to improve trust and efficiency in their respective workforces. They employ a single cyber identity credential that can be used, recognized and trusted across many computer systems.
For the past 12 years, I have led global development of the global SAFE-BioPharma standard. The standard was developed to help participating companies adapt to the Digital Era with greater security and efficiency, and it has resulted in a trusted cyber-identity ecosystem for the global biopharmaceutical industry.
All components of the SAFE-BioPharma standard are applicable to other areas of the healthcare sector: hospital systems, physicians’ practices, insurance plans, drug distribution and sales.
Standardized cyber identity credentials are a form of code. Those compliant with the SAFE-BioPharma standard assure strong trust that the code has been issued following a detailed protocol that checks and confirms the individual’s actual identity. Once activated, the credential requires use of multi-factor authentication to be accepted by computer systems programmed to participate with the standard.
As we have seen over the past 12 years of use, the SAFE-BioPharma standard allows large and complex enterprises to manage who may access their diverse information assets and to securely interoperate in a broad Identity Trust Ecosystem.
Big breaches are big problems in all sectors. Healthcare, in particular, is vulnerable. By participating more actively in the most widespread standardized trusted cyber-identity ecosystem, the healthcare sector will protect itself and millions of patients against security breaches and improve the “interoperability” of secure communications and other transactions between its diverse participants.
Healthcare needs to look beyond a culture of quick and incomplete fixes to a broader, more comprehensive standards-based ecosystem to manage and trust the cyber identities seeking access to its systems.
About the author:
Mollie Shields-Uehling heads SAFE-BioPharma Association, the non-profit industry collaboration responsible for the global SAFE-BioPharma® digital identity and digital signature standards. The SAFE-BioPharma standards assure identity trust inherent in implementation of the TransCelerate Shared Investigator Portal, in Merck’s EngageZone portal, and in other industry collaboration portals. Digital signature applications certified compliant with the SAFE-BioPharma standards meet global regulatory and legal requirements. The association’s members include most of the world’s global biopharmaceutical companies. Ms. Shields Uehling has more than 20 years of international trade and biopharmaceutical industry experience. PharmaVOICE Magazine has recognized her as one of the pharmaceutical industry’s most influential leaders.