Patient portals, Cloud security, People, Unsecured mobile devices, and the IoT exploits – Cybersecurity in Healthcare – What’s the risk?


The demands of health care are being defined on a myriad of evolving challenges striving to provide the best quality care in the most cost-efficient way. Efforts to meet these challenges are reflected in a variety of delivery systems including mobile health care devices, wearables, monitoring devices, cell phone images, and the Internet of Things (IoT). In order to connect patient care traversing the complex multiple settings of primary care, hospitals, insurance companies, academia, research, and an ever-growing list of stakeholders, these devices are ubiquitous.

Connected healthcare systems of individual patient’s medical care are inordinately attractive vectors for the delivery of quality care but remain a double-edged sword because of the treasure-trove of data represented in these systems and the manifold entry portals available creating significant gaps in security and render the data vulnerable to corruption, misuse, and ransom. The variations present in the delivery of healthcare complicate security design solutions requiring a frank presentation and discussion of challenges and solutions for healthcare forms.


Delivery and management of high-quality care with technology use information systems and simultaneously introduce risks to systems and presents new challenges. The Department of Health and Human Services’ Office for Civil Rights (OCR) explores the use of these information systems and healthcare entities practice regarding the HIPAA Security Rule for Protected Health Information (PHI). OCR also examines the requirements of the HIPAA Security Rule, with a special focus on security risk assessments (SRAs).