Shadow IT systems leave healthcare vulnerable to attacks

doc texting
Unsecured shadow systems, like email and texting, have generated additional risks for healthcare providers.

Born out of provider frustration with existing health IT tools, “shadow” systems are creating additional cybersecurity risks for providers.

In an effort to work around inefficient systems, clinicians occasionally resort to unsecured communication tools like personally email or texting, Mick Coady, a partner at PwC’s Health Information Privacy and Security practice, told Crain’s Chicago Business. Those workarounds create additional vulnerabilities within the system that might not be easily identified by security professionals.

The impetus behind these shadow systems is the need to share patient data with other providers and with patients themselves. That ongoing dichotomy between interoperability and rigid cybersecurity has left providers somewhere in the middle, often struggling to keep pace with a flood of attacks.

RELATED: HIMSS 2017—Social media posts trigger cyber concerns

Privacy and security executives continue to cite cybersecurity as a top priority within their organizations. One recent survey showed that 95% of insurance companies said senior executives receive cybersecurity reports at least once per quarter. Cybersecurity was also listed as a top priority by both vendors and providers in a survey released during the HIMSS annual conference in February.

RELATED: AI provides an urgent solution to evolving ransomware threats facing healthcare

But the industry continues to struggle, in part because it faces a shortage of skilled professionals. Rod Piechowski, a senior director at HIMSS, told Crain’s that although the environment is changing, healthcare IT professionals were previously excluded from conversations about new equipment purchases.