Born out of provider frustration with existing health IT tools, “shadow” systems are creating additional cybersecurity risks for providers.
In an effort to work around inefficient systems, clinicians occasionally resort to unsecured communication tools like personally email or texting, Mick Coady, a partner at PwC’s Health Information Privacy and Security practice, told Crain’s Chicago Business. Those workarounds create additional vulnerabilities within the system that might not be easily identified by security professionals.
The impetus behind these shadow systems is the need to share patient data with other providers and with patients themselves. That ongoing dichotomy between interoperability and rigid cybersecurity has left providers somewhere in the middle, often struggling to keep pace with a flood of attacks.
Privacy and security executives continue to cite cybersecurity as a top priority within their organizations. One recent survey showed that 95% of insurance companies said senior executives receive cybersecurity reports at least once per quarter. Cybersecurity was also listed as a top priority by both vendors and providers in a survey released during the HIMSS annual conference in February.
But the industry continues to struggle, in part because it faces a shortage of skilled professionals. Rod Piechowski, a senior director at HIMSS, told Crain’s that although the environment is changing, healthcare IT professionals were previously excluded from conversations about new equipment purchases.