Identification and Explanation of Problem
Nursing
informatics is a specialty of health informatics as well as a recognized subspecialty
of nursing. As such, its focus is on how
digital data used in nursing is acquired, stored, retrieved, and presented
(Sewell, 2016). Advancements in
technology & communication has, undoubtedly, invaded all professions,
including that of nursing. The use of
innumerable devices, systems, and networks have created concern for issues
pertaining to patient privacy & security of healthcare information. Cybersecurity
is the practice of protecting this information through the detection,
prevention, and response to potential breaches, or cyber-attacks (U.S.
Department of Homeland Security, 2018). Nurses,
as frontline providers of patient care, and as users of these technologies,
need to be made aware of these threats and how to best evade them.
Dobran
(2019), estimates that healthcare security breaches will have cost organizations
six trillion dollars by 2020. In the
past two years, 89% of healthcare organizations reported experiencing a data
breach. One of the greatest threats currently
plaguing the healthcare system is ransomware.
Ransomware is the term used for when a hacker infiltrates an
organization by embedding a virus, or malware, into their system, then
demanding a ransom in order to return the system back to functionality. Unfortunately,
oftentimes these ransoms are paid because the damage to the data, loss of
productivity, and danger to patients will result in an even more expensive
outcome than the alternative. On one survey study, 82% of healthcare
organizations admitted that digital security was their top area of concern
(Snell, 2017). Even with the vastness of
this problem, 39% of healthcare organizations report a lack of qualified,
knowledgeable employees to help fulfill the cybersecurity roles, while 54% of
surveyed associates report their biggest problem is employee negligence
(Dobran, 2019). Stockwell (2018) agrees
by stating that nurses do not understand the risks of their actions when it
comes to safeguarding patient information.
It doesn’t help that medical devices themselves, are areas of
vulnerabilities. Such devices include
cardiac pacemakers and insulin pumps, both of which are now interoperable with
electronic health records (EHR). EHR data
breaches can lead to things such as identity theft, fraudulent insurance
claims, and medication diversion. Old
operating systems and equipment are also known to pose a threat. Clearly the size and nature of this problem warrants
further attention.
Proposed
Interventions/Solutions
The
first step in helping to correct the problem is education. It should go as far back as nursing
schools. Knowledge on this important
topic should be ingrained in nurses’ minds by the time they are ready to
practice. Cybersecurity training should also
be mandatory for all new nursing employees within any facility, along with
annual refresher courses for continued employment. This training should consist of the nurse’s
role in maintaining patient safety and privacy.
Information on malicious software should also be presented, with an
emphasis on methods to avoid these viruses. This type of training can go a long way. Stockwell (2018) suggests that the whole
culture and mindset on this issue needs to change; That cybersecurity has to be
perceived as a significant and urgent public health issue, requiring everyone’s
involvement, rather than just as a challenge needing to be dealt with by
information technologists.
Kruse,
Frederick, Jacobson, and Monticone (2017), suggest that after software
technologies are installed, those which should require things such as usernames
& passwords, automatic logoff response, and encryption & decryption
properties, that this software then needs to be routinely updated. By doing so, technology based on recent developments
& intel can be downloaded to help combat these cyber-attackers. Preparing and hiring more nursing
informaticists is also a way to tackle the problem. Kruse et al (2017) also point out that facilities
are spending 95% of their IT budgets on implementation of new systems, with
less than 5% going into making sure that these systems are secure. This is a problem, one that requires an
increase in the hiring of qualified professionals who are equipped to handle it. Nurse informaticists are the ideal
candidates, as they are driven to boost organizational efficiency, cut costs,
and improve quality of patient care.
They know what it is like to be a staff nurse and that along with their
knowledge of computer & information sciences, make them the ideal professionals
who will be able to provide support to nurses, other staff members, and of
course, patients (Nurse Journal, 2019).
Other interventions that can help with cybersecurity may include having a system in place
that will require periodic password changes for all employees. Also, a warning sign appearing on work emails
received from sources outside that of the facility, may help employees pay
extra attention to what they may be clicking on and whether or not it may be
safe. Stockwell (2018) suggests sending
out test emails to assess employees’ responses, having them take a class if
they click on something potentially unsafe. It’s certainly a proactive approach. Software updates on medical devices are also
important, as malware are known to alter data and cause diagnostic issues. Billingsley and McKee (2016) agree that
nurses need to take an active role in identifying devices that need
updates. Malfunctions should be reported
as soon as they happen, while proper cybersecurity maintenance practices should
be upheld. Nurse leaders should
encourage this and be facilitators in finding ways to preserve integrity of
devices as well as cybersecurity standards. Having a good backup and data recovery system
in place is also recommended by cybersecurity experts to avoid coercion during
ransomware threats (Raske, 2019).
Remaining
Challenges
Success
in cybersecurity still holds many challenges.
As more and more technological medical software & devices become
available for use, they are likely to continue to factor in as vulnerabilities to
the healthcare system and hence, to the patient populations. This suggests that there will always be a need for
continued educational reinforcement as well as for qualified professionals to
help pave the way for patient rights to privacy and security of health
information. The fact that manufacturers
of medical devices do not work in conjunction with hospitals is also a
challenge, as they may not understand the intricacies of their connectivity
flaws and their effect on the healthcare system. More conversations & collaborations need
to occur among these two industries (Raske, 2019). To accomplish any of these things, however,
healthcare systems need to come up with more funds to spring the right pieces
and the right people into action. This
can be a challenge in it of itself.
Implications
for Nursing
The
nursing code of ethics states that a nurse’s primary commitment is to their
patients' health, rights, and safety. Part
of these rights include privacy and confidentiality. Current trends in cybersecurity pose a threat
to basic nursing responsibilities and obligations. Not responding to these threats would be compromising
the ethical standards of this profession.
Because of this, issues in cybersecurity is one that needs to be taken
more seriously. The first step for
advanced practice nurses (of all disciplines) is to bring awareness of cybersecurity
vulnerabilities as well as the appropriate safeguarding actions needed, to
staff nurses. All nurses need to make an
effort to keep up with the latest updates & discoveries in cybersecurity
through continuing education courses and, hopefully, through periodic facility staff
training. Nurses have the responsibility,
as the largest number of frontline providers, to safeguard patient information
through all the means previously discussed here. Participating or conducting research studies,
as well as collaborating with other members of your team, with members of
different disciplines, and/or with members of different industries, are also
ways to contribute to decreasing the threats to cybersecurity. For nurse informaticists, continued advances
in technologies, means greater job market opportunities. The truth is, nurses from all disciplines
will be affected in one way or another by the changes starting to be made due
to the degree of problems arising from cybersecurity breaches. As one of the most trusted professions, it is up to all nurses to stay informed and do what
they're called to do.....protect patients' rights, physically and now also virtually, as in this day and age these are often not mutually exclusive.
References
Billingsley, L. & McKee, S.
A. (2016). Cybersecurity in the clinical
setting: nurses’ role in the expanding
“internet of things.” Journal of
Continuing Education in Nursing, 47(8), 347-349.
Dobran, B. (2019). 31 must-know healthcare cybersecurity and data breach statistics 2019. PhoenixNAP. Retrieved from https://phoenixnap.com/blog/healthcare- cybersecurity-statistics
Kruse, C. S., Frederick, B., Jacobson, T. & Monticone, K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25, 1-10. doi: 10.3233/THC-161263
Nurse Journal (2019). Nursing Informatics Career & Salary. Retrieved from https://nursejournal.org/nursing-informatics/nursing-informatics-career-outlook/
Raske, K. (2019). Cybersecurity challenges in healthcare. VIPRE. Retrieved from https://www.vipre.com/blog/healthcare-cybersecurity-challenges/
Sewell, J. (2019). Informatics and nursing: Opportunities and challenges (6th ed.).Philadelphia: Wolters Kluwer.
Snell, E. (2017). 25% of healthcare orgs not encrypting patient data in cloud. Health IT Security. Retrieved from https://healthitsecurity.com/news/25-of-healthcare-orgs-not-encrypting-patient-data-in-cloud
Stockwell, S. (2018). What nurses need to know about cybersecurity. American Journal of Nursing, 118(2), 17-18. doi:10.1097/01.NAJ.0000549682.13264.dc
U.S. Department of Homeland Security. (2018). What is cybersecurity? Retrieved from https://www.us-cert.gov/ncas/tips/ST04-001
