Hidden Vulnerabilities in Clinical Workflow Put PHI at Risk

During my time on the Health Care Industry Cybersecurity Task Force, we talked through this issue with protecting PHI in clinical workflow and the need for tools that give visibility into vulnerabilities that everyone knows exist but are extremely difficult to find. Better protecting PHI requires better securing the clinical workflow itself, including the devices, applications and individuals that operate inside of it. That said, a clinician’s ability to deliver quality care largely begins with how well their healthcare system secures PHI – and not only PHI, but also the devices, applications, and users that interact with the patient data. Protecting PHI and patient safety requires a more holistic and concerted strategy to better de-risk the various types and kinds of clinical workflow vulnerabilities From shared workstations to unsecured vendor clouds, excessive user privileges, unknown applications and unaccounted thumb drives, the clinical workflow contains an enormous number of hidden vulnerabilities that threaten the privacy and security of PHI. De-risking PHI is about protection at the endpoint, and more preemptive mitigation at the point of clinical use, well beyond perimeter security. Until CIOs and CISOs can see where PHI is hidden within their growing clinical workflow, how it is being used, who it is being used by, and where it is going, vulnerabilities will continue to go undetected and PHI will remain at high risk of breach. Traditional cybersecurity solutions designed to secure the infrastructure have fallen short in detecting and identifying issues with PHI, but advancements in machine learning and telemetry open doors to continuously monitor PHI movement in clinical workflows.