December 17, 2021: Cyberthreat, Cybersecurity and Cyber Compliance in Clinical Research and Healthcare: One Size Fits None (Eric Perakslis, PhD)

Speaker

Eric Perakslis, PhD
Chief Science & Digital Officer
Duke Clinical Research Institute
Professor
Department of Population Health Sciences
Chief Research Technology Strategist
Duke University School of Medicine

Topic

Cyberthreat, Cybersecurity and Cyber Compliance in Clinical Research and Healthcare: One Size Fits None

Keywords

Cybersecurity; Attack Surface; Cyber-Compliance; FISMA; InfoSec

Key Points

  • Over 40 million medical records are compromised each year.
  • Electronic Health Information is targeted due to its high value with respect to improper medical payments. Medicare estimates over $25 billion in improper payments each year.
  • The focus for cybersecurity should be on the most vulnerable groups. Women, BIPOC, and elderly populations experience cyberattacks and identity theft more often than other populations.
  • Security objectives should focus on confidentiality, integrity, and availability.
  • The Cyber Risk Equation: Risk = Threat × Vulnerability × Impact × Likelihood
  • When starting a study, design with cybersecurity in mind, minimize the attack surface, know your weakest link, add InfoSec expertise to the design team, and lean in to innovation.

Discussion Themes

Researchers should take some responsibility for learning how to secure patient information. Training programs to make researchers more aware of cybersecurity concerns would increase researcher comfort in working with electronic health data.

A research network consisting of multiple sites may have differing needs and capacity to secure data. Treating each research site individually could allow greater representation in research, but those sites may be more vulnerable to cyberattack.

Read more about cybersecurity by Dr. Perakslis in A cybersecurity primer for translational research.

Tags

#pctGR, @Collaboratory1, @eperakslis