Navigate the healthcare industry
Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.
Cue Sam Smith crooning: We’ve got money data privacy on our minds.
A virtual showcase at the National Institute of Standards and Technology (NIST) in March highlighted two technologies that might prevent cyberattacks and unwanted data breaches.
Attribute-based access control, or ABAC, is an increasingly popular authorization model that protects “data, network devices, and IT resources from unauthorized users and actions,” according to Okta, a San Francisco-based identity and access management company.
The model is capable of filtering attributes such as job title, department, or location to limit access, according to David Ferraiolo, group manager for NIST’s Secure Systems and Applications Group.
“ABAC in general has lots of applicability to healthcare,” Ferraiolo said. “We can use it for controlling access to databases, so that we’re able to translate queries from people to permitted queries and submit those to the databases, enforcing healthcare policies.”
Access control can also prevent internal cybersecurity threats.
For example, an employee at the New York-based Huntington Hospital improperly accessed the electronic health records of 13,000 patients in 2021—a breach that an authorization model such as ABAC implementation might have prevented.
Remote patient monitoring technology is another prime target for cyberattacks.
Kamran Sayrafian, a senior scientist at NIST’s information technology lab, presented a wireless wearable device at the virtual showcase that monitors fluid buildup in lungs, known as pulmonary edema. The device uses Medical Device Radiocommunications Service (MedRadio) frequency radio waves to penetrate through tissue and identify lung fluid levels, as well as transmit the data, Sayrafian said.
These MedRadio waves are within the Federal Communications Commission’s recommendations for wireless medical devices, which are considered Internet of Things (IoT) devices that use a sensor to transmit data over the internet or other networks.
So the “chance of radio interference with another IoT device is less, unless there’s another device […] using the same frequency band as a variable or implant. Then there has to be investigation of whether there’s cost interference,” Sayrafian said.
Patients are right to be concerned about health data privacy, according to a 2022 survey of 641 healthcare IT professionals by the Ponemon Institute, a data privacy research center. Over 20% of healthcare organizations included in the survey reported increased mortality rates following one of two major types of cyberattack.