Healthcare IT Lessons: New Security Risks and Scaling Projects

Two key lessons for Healthcare IT from the State Exchanges:

  • Recent security risks
  • Scaling IT projects

Recent Security Risks for Healthcare IT

Security isn’t just on our radar; it’s also on the FBI’s. A recently released Private Industry Notification (PIN) memo stated that:

“The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.”

Federal Bureau of Investigation

The memo suggests that healthcare data is more valuable on the black market than consumer credit card information. Put plainly, when will the 2013 Target security breach happen in healthcare IT? The answer appears to be soon.

One such threat, a bug affecting core internet security dubbed “Heartbleed”, announced April 3, allowed hackers to download security credentials and other data from servers since 2011. A patch has been issued. However, this bug affected around 50% of the internet. With major parties like affected, there’s a good chance that your servers and user credentials may be affected. If you’re a provider, carrier, or other healthcare entity, make sure you’ve discussed Heartbleed with your healthcare IT professionals to determine the impact. Hardware from manufacturers like Cisco Systems and Juniper Networks, both long-time providers of healthcare IT hardware, may be vulnerable. You can check here to see if your site is impacted.

Reliance on outdated software poses issues too. Microsoft dropped security support for Windows XP, a healthcare IT mainstay. That’s a huge vulnerability. Outdated software like Windows XP may be in violation of HIPAA. While institutions like the Internal Revenue Service have contracted security extensions for Windows XP, this move would be cost-prohibitive for many. Upgrading to later versions of Windows or Linux-based operating systems, like Ubuntu-Med, may be more cost-effective.

Scaling Healthcare IT Projects

Frequently, Healthcare IT development is tasked with accomplishing too much, too quickly—preventing experience with the system and adequate documentation for stakeholders. Indeed, building projects to adequate scale is a major challenge globally. One doesn’t launch a regional network of providers with dozens of plans in just a few months. One scales and responds to market conditions, regulatory environments, etc. Likewise, Healthcare IT must identify key needs first and gradually add moonshot features over time. Take Washington’s success developing a state exchange:

There are must-haves and like-to-haves […] The more aggressive the timeline got, the more we had to evaluate scope.

Michael Marchand, Director of Communications (Washington State Healthcare Exchange)

Consider competing healthcare IT infrastructures much like trying to tackle Amazon, Google, or Twitter: these sites, like competitors, may have spent years carefully building new features and expanding their business. Google started as search: now it boasts cloud data, content delivery, and even a biotech startup. When considering a new project or major revision to an existing one, try not to indulge an “everything and the kitchen-sink” approach, or else you may find your next project unstable or, worse, lacking meaningful adoption rates from stakeholders.