Chapter 7 - Managing threats to health data and information: toward security

Abstract

More than 2000 ransomware and malware attacks occurred in the United States during the first half of 2021. Many of these attacks targeted health systems and healthcare providers, making cybersecurity a top priority for the health industry. Health Information Exchange (HIE) networks face more complex security challenges than healthcare providers, because HIE networks serve as an interface between multiple health system actors, such as hospitals, pharmacies, and primary care doctors. Larger volumes of data could potentially make them bigger targets for cyber-criminals. HIE networks can further help healthcare facilities affected by cyberattacks by providing access to critical data. This means that HIE networks now play a more critical role than ever in ensuring that clinicians have access to the information they need to make decisions. The purpose of this chapter is to introduce information on cybersecurity as it relates to HIE networks. It also discusses several security frameworks, approaches, risk assessments, risk management plans, available resources, and emerging trends in HIE security. The end goal is to provide the reader with sufficient information to improve the security of their organization and serve as a reliable resource in an environment made uncertain by cyberattacks.