In the 2016 Rio Olympics, 35-year-old Anthony Ervin captured a gold medal in the 50-meter freestyle, becoming the oldest individual swimming gold medalist. As a swimmer myself, watching Anthony perform so well motivated me to become better at a sport I’ve enjoyed for over 20 years now.
So shortly after that, I hired a coach. During our first training session together, I told him I was hoping to become an even better swimmer, despite the experience I already had. He told me to jump in the pool and swim a few laps.
According to my coach, my form was less than ideal and I had a lot of work to do before I was ready for gold. I was a little shocked, considering I’d been doing this for so long, but I listened to his advice and continued training with him. Over the course of a few months, we worked on, among other things, extending my arm further in front of me, bringing my elbow out of the water more and shortening my kicks. The process was slow and challenging, but over time, I started to see improvements.
I learned two things from this experience: first, I’m not cut out to become an Olympic athlete. Second, I realized that having a good mechanical foundation was imperative to my success as a swimmer.
Let’s compare this idea to the healthcare industry. Hospitals and clinics around the world use and store patient information, including images including X-rays, MRIs, and CT scans. This data is created and stored through a system called picture archiving and communications systems (PACS).
Medical device manufacturers that engineer PACS systems are good at building devices, but in recent years we’ve identified a flaw in their mechanics: the devices don’t account for security risks. What makes this so dangerous is the devices are now connected to the internet, causing a significant emerging cyber threat. If these devices are compromised, patient health information could be lost and images and data manipulated, with such devastating consequences as misdiagnosis of symptoms.
Having been swimming for 20 years, I had a set way of doing it. Likewise, many of these device manufacturers have been building devices for decades and have very established processes for doing so—with nonexistent cybersecurity measures in place. And just as my swimming mechanics needed some work, these processes also need improvement to prevent patient data from being stolen and exposed.
Changing the way things are done is hard. However, to ensure that patient data is being protected within healthcare, it is vital that the industry take steps to increase cybersecurity defenses.
Luckily, the National Institute of Standards and Technology (NIST), in partnership with DigiCert and companies including Cisco, Philips, Hyland and Clearwater, has been working to reduce threats within PACS ecosystems.
NIST recently issued a guide made specifically for healthcare delivery organizations to help them implement better cybersecurity practices within PACS ecosystems. DigiCert has been involved in authenticating connections and making sure all actors within PACS ecosystems are trusted. We are proud to be a part of this initiative and ask that organizations review and implement the guide to make our healthcare ecosystem more secure.
When I was training to become a better swimmer, it took months of a concerted effort for me to see significant progress. Likewise, strengthening healthcare cybersecurity will take focused effort, repetition, and practice, working with security professionals. The NIST guide is meant to provide organizations with assistance in this process to make security easier to implement. And though the process might be a little painful, the outcome will be worth it as valuable data and identities will be protected from attacks around the world.
Click here to view the NIST guide.