/ Safer Healthcare Requires Cooperation Subscribe

Healthcare is in the midst of a revolution. 在一些提供全民医疗保健的国家，如法国，病人身上携带有a chip card 这使得医疗保健提供者可以立即访问患者的病史. In the U.S., companies such as Open mHealth 是否在单一结构化平台中促进健康数据的存储和共享，以便医疗保健提供者和其他用户可以跨一系列软件和设备访问相同的数据. Still, the truly effective integration of the web into the U.S. 医疗保健系统仍然是一个未实现的梦想，网络安全的失败是主要原因.

The enhanced, though by no means complete, 电子健康记录(EHRs)和医疗设备的互操作性已经提高了医疗保健服务的效率. 病人现在可以通过他们的供应商设计或从第三方购买的网关在任何地方访问他们的记录. 医生可以从维护大量文书工作的负担中解脱出来，同时, theoretically, 通过层层在线保护来维护记录的隐私. Yet, 由于医疗保健实践欢迎物理设备的内部网络, and integrate EHRs, system vulnerabilities have only become more prominent. 由于预算紧张和管理费用高昂，医院更新技术的速度很慢. 与此同时，黑客在规避安全措施方面做得越来越好.

实现完全网络化的医疗保健系统的一个主要障碍是，安全和隐私的负担在法律上由医疗保健提供者承担. Institutions must prioritize security in order to comply with HIPAA. Current measures, however, 包括缺乏标准化和对技术更新的不作为的谨慎, hinder rather than promote health care delivery. 在过去的几个月里，世界各地的医院都遭受了 cyber attacks, resulting in massive data breaches and workflow disruptions. Gaps in cybersecurity are widespread, and they affect nearly anyone who seeks healthcare in the modern age.

Healthcare is a multi-billion dollar industry, and its facilities, filled with intimate personal information, are an attractive target for hackers seeking to undermine trust, access financial information, or acquire ransoms. 勒索软件之所以被广泛使用，是因为它以低投入成本提供了高回报. Usually found in easily shareable and downloadable file attachments, 勒索软件将数据库加密到无法破译和无法使用的程度. Hospitals suffer 88 percent of ransomware attacks in the U.S., with an estimated cost of $6.2 billion per year. 由于缺乏准备、培训和劳动力能力，攻击往往会成功. 网络安全和IT安全专业组织(ISC)²的主管丹·瓦德尔(Dan Waddell)说 emphasized 卫生保健机构需要对个人进行广泛培训才能认识到这一点, defend, and recover from attacks. As healthcare delivery is critical and urgent, most hospitals, with patients in the waiting room, 没有时间等待数据恢复或恢复. Hospitals often pay the ransom.

实现完全网络化和安全的医疗保健系统的障碍是重大的, and they require a balanced approach. 良好的医疗保健和良好的网络安全需要安全专家和医生之间加强沟通，了解哪些创新是必要的，并且可以轻松地集成到当前的基础设施中. With a 1.8 million worker gap in the cybersecurity workforce projected by 2022, 医生和该领域的其他专业人员必须创新，自己提出和制定新的措施. 我们应该通过将网络安全整合到现有的医疗项目和机构中来认识到网络安全的日益突出. In fact, as it stands healthcare and cybersecurity are often at odds. Koppel, et al.’s 2015 study revealed that many healthcare professionals regularly circumvent security measures, not out of malice but in order to do their jobs effectively. 一些医生坚持认为，复杂的安全程序导致了技术故障，阻碍了常规操作, such as relaying a prescription. Other physicians find their practices stalled by security measures. As Koppel, et al. found, a doctor easily spends 1.14个小时的工作日中有5个小时仅仅是登录各种密码保护层. Thus, the onus of security increases the workload on physicians. 与病人进行15分钟的会诊可能需要医生花45分钟处理文书工作和更新电子病历. Hospitals need more security, 但医疗保健和网络安全需要更好的整合，这样安全才不会损害医疗保健的效率和质量.

Governance and regulation should be part of the solution, but they may not be able to solve the problem entirely. Despite widespread support for industry-wide standards among patient and physician respondents, significant gaps in comprehensive regulations exist. In June 2017, following several ransomware attacks, the Health Care Industry Cybersecurity (HCIC) Task Force published a report 它强调了医疗网络安全的关键条件，并提供了六种高级解决方案. These imperatives focus on streamlining governance; improving the resilience of medical devices; increasing the workforce capacity; promoting awareness; researching new protection mechanisms; and, critically, sharing information across the industry. On July 14, 2017, 38 governors announced their pledge to strengthen efforts to protect state systems. In order to address the cyber-workforce gap, the governors agreed to increase the number of related degree programs in colleges; enroll and train veterans; and encourage institutions to pursue a special National Security Agency certification. 然而，即使是这些措施也没有考虑到医学和网络安全的兼容性. 只有安全提供商和医疗保健提供商中的创新者才能通过监测患者和医生用户的满意度，评估新的安全措施在医院环境中的集成效果并做出反应.

Cybersecurity should not impede on medical practice; it should strengthen it. 新的措施应该使网络安全在医疗保健环境中更容易、更安全、更容易获得. 新的认证技术和数据隔离可以帮助简化安全性，并增加医生与患者相处的时间. In an increasingly interconnected world, 网络安全必须与提高医疗质量相平衡. 为了在美国实现完全网络化和真正高效的医疗保健系统.S. 是否需要所有相关人员的创造力和协作——安全专业人员, doctors, and patients alike.