Working with your clients to keep healthcare information secure

Context

Stay Smart Online Week ran from 8-14 October and centred on the theme ‘Together we can reverse the threat of cybercrime.’ A key message was to update software on all devices. The campaign highlighted that 80% of Android users and 23% of iOS users hadn’t installed the latest software updates.[1]

Some people don’t like going to see the doctor, but it is important to their health. Similarly, healthcare organisations often don’t like having to patch software, but it is important for security. A survey by the Ponemon Institute found that 58% of healthcare breach victims reported being breached due to a vulnerability for which a patch was available.[2]

Ensuring that your clients are using a supported version of your software and applying patches to address known vulnerabilities is an essential part of keeping healthcare information secure. A successful patch management solution is developed in partnership with clients to reduce the risk of a change causing a conflict with other software and systems.

Software vendors are challenged by finding a balance between the costs of secure code review and investing in future product enhancements. Having a product roadmap that factors in secure code review and simple patch management processes can improve client experiences, create a competitive advantage and build your reputation.

You can make applying patches easier for your healthcare clients by offering solutions that support incremental patching or that let clients choose when patches are installed. This can be enhanced by enabling users to receive notifications for updates or to have updates applied automatically. It can be difficult for large healthcare organisations to educate users about the importance of applying these changes; including instructions in the notification messages could assist with this. To support clients with complex environments, offering the option to roll back a change can reduce the hesitation associated with the risk of a patch causing a conflict and service interruptions.

Ensuring that the latest, or a supported, version is in use may be accelerated by attractive pricing or incentive models that encourage healthcare providers to update their software. A recent Australian survey revealed that 22% of healthcare organisations were frequently using unsupported solutions.[3] This represents both a risk to the information those solutions store and an opportunity for software developers to partner with these clients.

To learn more about the impacts to healthcare organisations of failing to patch software and systems, see the Agency’s briefing papers for IT Professionals and Senior Managers.


[1] Symantec Internet Security Report 2018. Available from: https://www.symantec.com/security-center/threat-report

[3] Health Informatics Society Australia 2018 Cybersecurity Survey. Available from: https://www.hisa.org.au/wp-content/uploads/2018/07/HISA-Healthcare-Cybersecurity-Report_June-2018.pdf
