Hospitals are places where sensitive patient information is constantly being shared and stored. From medical records to diagnostic images, the data that hospitals handle is highly valuable and must be protected at all times. This is especially true when it comes to video, as it is an increasingly common tool in healthcare. From virtual sitting, to remote consultations, to computer vision and artificial intelligence, video will play a vital role in hospitals. However, its use also brings new security risks that must be addressed.
One of the biggest security risks for video in the hospital is unpatched software. Legacy video solutions on older operating systems do not benefit from modern cloud security – leaving them especially vulnerable to hacking and malware attacks. If the software is not regularly updated, it can leave the system open to exploitation by cybercriminals.
- Ransomware attacks on US healthcare organizations cost $20.8B in 2020 (Comparitech)
- Healthcare is the most targeted industry by ransomware (Check Point)
- In 2021 there were 40 million patient records compromised by incidents reported to the federal government (Healthcare IT News)
Vendors should be required to demonstrate how they address this without burdening a hospital’s limited IT capabilities.
Trust, But Verify
SOC2 Audits and Penetration Testing
SOC2 audits are a way for companies to demonstrate that they have implemented adequate security controls to protect sensitive information. These audits assess the company’s internal controls and processes, as well as their compliance with industry regulations. It is important that your video vendors have undergone a SOC2 audit, as it means that they have been independently verified as having the necessary security controls in place to protect your patients’ information.
Examples of Security Deliverables
- SOC 2 Type II report (Audit)
- InfoSec Program Document – A comprehensive report of all the information security policies and controls implemented, designed to provide further detail than is available in the Security Assurance Report.
- 3rd Party Penetration Report
With Great Power Comes Great Responsibility
Threat and Opportunity
Video technology offers a wealth of opportunities for hospitals to improve productivity and patient care. Virtual sitting, virtual nursing, and computer vision to watch patients are just a few examples of how video can be used to improve hospital operations and care. However, the more valuable the data being shared, the more important it is to ensure that it is protected. The use of video in the hospital creates a unique set of security challenges, and it is crucial that these challenges are met head-on to ensure the safety and privacy of patients and staff. As its usage grows, yesterday’s security through anonymity is no longer an option.
Security For Video In The Hospital Essentials:
- Ensure all video systems are regularly updated
- Verify your vendors have undergone SOC2 or HITRUST audits that include penetration testing
- Implement adequate internal security controls to explicitly choose who is allowed to access patients over video