It is no wonder hospitals are increasingly concerned about data breaches. According to a report issued in February 2014 by a healthcare IT security firm Redspin, the number of patient record breaches has increased 138 percent since 2012.
With healthcare’s focus on automation and interoperability across all health environments, opportunities for health information breaches are a risk. The concern about patient health data being compromised permeates providers of healthcare information technology. Medical device integration is no exception.
Security is one of those areas that is constantly evolving and threats strike when you least expect it. The best way to combat these threats is to include security and privacy requirements and best practices at the early phases of the development lifecycle. Organizations can stay ahead by proactively monitoring and evaluating the latest secure design, coding, testing and best practices around privacy, and being prepared to react and communicate if and when a threat or vulnerability occurs.
Starting with a secure architecture is an important first step. For example, we carefully took every opportunity to remove all unnecessary and vulnerable entries into our devices. This is made possible by choosing Windows Embedded on the Capsule Neuron and the SmartLinx Neuron to fine tune the firewall, lock-down the access of the underlying system and encrypt all the data sent to our server. We also use other best practices during the implementation phase like performing Static Code Analysis that helps ensure that secure coding policies are being followed.
At the forefront of security threats is the latest, “Heartbleed”, a massive security bug that affects most of the internet and has since 2011, but just recently discovered. This is one of many threats that encouraged our security processes to be put into gear; and we are fortunate to report that our version of OpenSSL is not affected.
Staying on top of these threats is no small task. We consistently monitor what is out there and augment the process by aligning with other organizations to stay informed. Additionally, we are a Microsoft Gold Partner which allows us to be informed as soon as threats are discovered and qualified. Periodic independent security audits are also a part of our ongoing best practice.
Vulnerabilities are inevitable, but when it happens, quick execution and a response plan to inform our customers are our top priorities.