The benefits of digitisation in hospitals and healthcare contexts are easy to see: from instant access to patients’ records, which are always up-to-date, to sharing skills between buildings with videoconferencing. Hospitals are vast, complex organisations – exactly the kind that can be streamlined via smart, innovative tools.
But hospitals are also far from immune to the risks of the digital age. Last year, at least three US medical centres admitted they had paid over ransoms demanded by criminals who had breached their servers and threatened to destroy all data on them. Experts believe this is just the tip of the iceberg; if many more attacks happen, much more sensitive data could be stolen.
While it’s a slightly unfair cliché to say humans are the weakest part of any ICT security deployment, it’s not entirely untrue either. And hospitals rely on hundreds of staff, with varying levels of technical expertise, who may or may not need access to core data systems. As far as we know, the hospitals that have admitted to data breaches in the US were all infected by malware hidden in email attachments.
Peter Mills, head of healthcare sales and service management at T-Systems South Africa, says simply developing the technology for hospitals is not enough – you need to follow through and make sure staff understand it.
This is especially important in South Africa, where often people are not computer-literate.
“The skill level of staff can determine a successful project or not,” Mills says. He adds that staff need to be taken along on the project journey, with training in the new software being an essential element. After all, if staff don’t understand the software, they are less likely to use it.
T-Systems, which has partnerships with various hospitals in South Africa, therefore treats staff feedback and training as key to the success of projects.
If staff training could eliminate all risks of human error, however, there would be almost no cybersecurity issues in the world. Technical solutions are also needed.
Neil Cosser is the identity and data protection manager for Africa at Gemalto, an international company that specialises in identity-based security.
“While data breaches in the financial sector or at major retailers may resonate more in consumers’ minds, files that contain someone’s medical data can make victims much more vulnerable,” Cosser says. “Let’s not forget that, not only do medical records usually contain payment and billing information, leaving credit card information exposed, but they also often contain sensitive data… that could enable a fraudster to obtain medical services under the victim’s identity and private healthcare insurance benefits.”
The healthcare industry is a top target for data breaches, according to Gemalto’s Breach Index Report.
The actual number of breaches in South Africa is unknown. Companies are not currently obliged to disclose data breaches, although that will change if the Cybercrimes and Cybersecurity Bill becomes law.
However, Gemalto recommends that all organisations using ICT solutions protect their cyber infrastructure. “As criminals find new ways to access data from multiple points, healthcare organisations must take a multilayered, dynamic approach to secure these valuable assets,” Cosser says.
So, is it worth it?
With all of these challenges facing the implementation of ICT healthcare solutions in South Africa, you may be asking whether it’s worth the trouble. According to experts, it’s a resounding “yes”.
Not only do these solutions help with efficiency, but they help to track cash flow and save money for hospitals, Mills says. This means the money hospitals save, especially in the public sector, can be used for improving patient care and buying more medical technology.
Cosser adds that going digital can also improve service delivery to patients. The first thing that needs to be done, though, is to get investors, healthcare providers and government programmes on board with these types of projects.
In a country where healthcare still needs to make significant strides to catch up with the rest of the world, ICT solutions are one step towards this goal.