Cybersecurity Lessons From Health IT: 3 Strategies Every Startup Should Follow
If your company's computer network was taken down by hackers, how dramatically do you think that might affect your organization? You could lose not only access to critical financial and communications systems, but also sensitive information about your staff and customers.
Now, imagine that that breach directly resulted in personal injury or death because hackers took remote control of an internet-connected medical device. How much more would you stand to lose? (In fact, something similar happened earlier this month with the ransomware attack that shut down 16 British hospitals.)
That kind of hit to your brand's reputation is every entrepreneur's nightmare -- and one that leaders in healthcare organizations have top of mind these days.
While finding inspiration in others' accomplishments is an essential part of an entrepreneur's journey toward success, learning from others' mistakes can yield even more insight. In the field of health IT, for example, stories about crippling network security breaches perpetually spell out the importance of quantifying risk and deploying the latest defenses.
What can a startup founder learn from these headlines?
Reading between the lines of these reports, it becomes clear that innovative organizations understand the need to strengthen their systems with investments in IT security initiatives.
In Buffalo, NY, for instance, staff members at Erie County Medical Center were recently reduced to using pen and paper to communicate when hackers breached the computer system. After detecting a virus in its email system, the organization chose to shut down its entire network to save other parts of that network from being infected.
If going offline for days on end sounds like a roadblock to growing and scaling your business, consider, instead, how adopting best practices in health IT might inform the culture, predictive capabilities and agility of your startup.
What makes healthcare IT different?
In a broad sense, IT practices in healthcare present a unique challenge due to the nature of the industry itself -- it is, as mentioned above, one of the few industries in which lives could be on the line if networks are hacked.
In a recent study sponsored by Level 3 Communications and conducted by HIMSS Analytics, one-third of the health IT professionals and executives participating predicted their organizations would face an imminent security breach that could actually compromise patient care within the next year.
They had -- and have -- cause for concern: Patient data is one of the most frequent targets of cybercrime. The U.S. Office for Civil Rights reports that hacking incidents against healthcare databases rose by 63 percent from 2015 to 2016, with hackers employing increasingly sophisticated techniques.
Although cybercrime knows no industry bounds, patient health records are far more valuable than, say, credit card information. If your retail site is hacked, you may lose financial information, passwords, etc., but if a medical record is hacked, the completeness of that record is such that it becomes significantly more difficult to recover. As a result, medical records are 10 times more valuable on the black market.
Worried? Here are three critical cybersecurity practices in the health IT field that would be beneficial for entrepreneurs in all industries to embrace:
1. Bake security into your culture.
You can't afford to view data protection as just an "IT issue." As data threats continue to evolve, organizations must take a holistic approach to understanding risk and spreading awareness, so required budgets and resources are prioritized.
Don't relegate cybersecurity awareness efforts to charters and bulletins. Those avenues don't reflect the importance of security efforts. Instead, ensure that every department, from your company's front office to the C-suite, possesses a healthy awareness of cybersecurity and the potential implications of breaches, and is well-versed in the appropriate technologies and policies.
One practice involves testing your internal staff's awareness by launching dummy phishing attempts to reveal how many employees open them. According to Verizon’s 2016 Data Breach Investigations Report, people open about 30 percent of all phishing emails despite warnings, leaving their networks vulnerable to attack. Once you set a benchmark for how vulnerable your organization is, you can begin the process of training, testing and repeating.
2. Use predictive data to improve product offerings.
There’s now more data in the world than we almost know what to do with, and our ability to turn that data into actionable intelligence is a steep challenge. However, if you build the proper technology framework, with context and metadata for meaningful use, you'll be able to identify pain points within products and enable continuous improvement.
In health care, predictive data has helped improve care in a number of areas. For instance, a recent study from Florida State University found that a machine-learning algorithm can predict suicide attempts with 90 percent accuracy up to two years in advance -- based on data found in patients’ electronic health records.
In other industries, data based on customer-behavior patterns can identify what your most loyal customers are doing with your product, as well as what the ones you're losing aren't doing. Calm, a meditation app, analyzed its users' behavior data and learned that daily reminders were a causative factor for retention. The company also learned that 40 percent of users who were prompted to set a reminder did, so it included those prompts in its subsequent app update.
3. Prioritize agility above all else.
Although many startups initially launch as flat organizations, as they grow, they often revert to a more traditional hierarchical system. According to Zach Ferres, CEO of Coplex, a company that helps startups grow and scale using agile techniques, hierarchy divides rather than bridges the gaps that exist between people and departments.
In the same vein, a recent report from Forrester showed that 92 percent of businesses surveyed that were highly successful at managing change were, at the very least, also moderately agile. The more agile they were, the more effectively they could administer innovative, organizationwide changes.
Traditional health care is a full pendulum swing away from your typical startup, but today’s environment is anything but traditional. To maintain critical infrastructure to better support internal communications systems and key applications, healthcare organizations are mobilizing agility, using bimodal IT strategies.
Investing in, and deploying, a bimodal IT strategy, which entails managing two separate modes of IT -- one focused on stability, the other on agility -- helps organizations align business goals with IT.
This accommodates the availability of electronic health records, for example, which is both predictive and mission-critical. It also opens up access to sophisticated, on-demand compute cycles for data analytics using cloud connectivity. This approach is a win-win IT philosophy that can wildly benefit all startups.
The unique nature of the healthcare industry poses some equally unique IT challenges, but there are plenty of universal lessons for other industries to take away. Apply these three best practices to your own budding venture, and watch it develop into a more secure, data-savvy and agile powerhouse.