Coverage & Commentary

Cybersecurity Is Not Necessarily A Technology Issue

The latest affront to cybersecurity in the healthcare space is an investigation conducted by ProPublica discovering that medical images and health data belonging to over 5 million Americans have been sitting on 187 servers across the nation that are unprotected by passwords or basic security precautions and accessible to anyone with internet access and “basic computer expertise.”

It made for shocking headlines, and steps have been taken to rectify the situation. However, most people will no doubt soon forget it, just like the 551 active cybersecurity breach investigations currently listed on the Department of Health and Human Services website. The ProPublica investigation noted that incidents have affected over 40 million individuals in the U.S. over the just past 24 months.

Cybersecurity failures involving what should be sacrosanct health information have become so frequent and common that we are collectively desensitized.

There’s even a now-standard response usually involving many apologies and promises to do better, followed by a brief witch hunt and the purchase of some supposedly improved technology or security system. Then it’s back to business as usual. Like popular consumer security systems for the home, we collect the greatest new gadgets, install them and play with them for a few days. Then we quickly decide they’re too much of a hassle to activate all the time or maintain, and we forget about them — until porch pirates attack and we decide it’s time to buy the latest upgrade.

The same thing happens in healthcare cybersecurity. We buy lots of software and technology and then hope for amazing miracles to ensue so we don’t have to worry about it anymore.

But that’s not how cybersecurity works. Technology will not fix this problem.