By Lissa Ngenda Mwenda | Partner Engagement Specialist – IHM
On August 18, 2023, the World Bank released a digital in-health publication entitled Unlocking the Value for Everyone. Of particular note in this publication was how health data has experienced the most growth over time in comparison to any other sector. In fact, an estimated 36% of the data in the Global Datasphere consists of health data (Reinsel et al. 2018). Working for my organization has been an opportunity to bear testament to this. Every single day, I see the huge amounts of health data generated from the health spaces we support. The potential this data holds does not go unnoticed by us; we are witnesses to its power, whether in raw or processed form. Lurking in the shadows, unfortunately, is a threat that recognizes the potential this data holds and looks at it with an intent not as chivalrous as ours. The cybersecurity threat.
Over the last decade, our continent has experienced immense growth in the digital sphere. This is a trend that shows no signs of halting or slowing down. This surge in digital presence has unfortunately brought with it an increased frequency and sophistication of cyberattacks. While our country has been relatively fortunate in terms of cyberattacks targeted at our health sector, countries like Kenya and South Africa have not been as lucky and have faced the highest level of cybersecurity threats on the continent. The fact that these countries that border us so closely have not been spared is reason enough to be wary and stay ahead of the curve by taking the necessary proactive measures to keep our health data secure.
The health sector presents itself as an enticing target for cyber threats owing to the prevalent use of outdated technology and infrastructure across numerous providers and organizations. My experience in the digital health sphere over several years has provided firsthand insight into this ongoing reality. The widespread reliance on obsolete and disconnected systems poses formidable challenges to safeguarding our data against such threats. Legacy systems and varied, decentralized management contribute to inconsistent security standards and vulnerabilities. This fragmented approach not only complicates monitoring and impedes threat detection but also adds complexity to integration, resulting in operational inefficiencies. Configuration disparities across systems hinder standardization, limiting governance and control. Consequently, in comparison to other sectors, security breaches in healthcare often go unnoticed for extended periods due to these shortcomings. Fundamentally, the health sector’s technological lag has created an ideal landscape for cyber-attacks, exploiting vulnerabilities, and endangering sensitive healthcare information. One could convincingly argue that the emphasis placed on securing financial data should equally extend to safeguarding health data, given its comparable sensitivity and potential impact.
The Institute for Health Measurement (IHM) is well aware that healthcare is a prime target for cybercriminals, and we are taking proactive and holistic steps to protect the tremendous amounts of health data in our hands. We are also aware that change cannot happen overnight and that “being secure “is never really a complete process, nor is it a cheap undertaking. We know that securing the country’s health data cannot be achieved on our own but rather requires the concerted effort of every stakeholder in health. We also know that the risk of not putting controls in place far outweighs the benefit of achieving even a reasonable amount of security.
As part of leveraging the Centers for Disease Control and Prevention’s (CDC) Technical Assistance Platform (TAP) mechanism, one of the steps taken was hosting Derek Carroll, Enterprise Architect supporting the CDC Global Health Center team at Peraton Inc., and Mike Smith, Sr. Software Engineer at Peraton Inc. Over the course of two weeks, Derek and Mike collaborated with IHM and the Ministry of Health. Their goal was not only to identify and comprehend existing vulnerabilities but also to actively contribute their expertise in supporting the mitigation and resolution of these vulnerabilities. They played a pivotal role in bridging gaps and bolstering the security framework.
This collaboration significantly complemented the ongoing efforts of our local cybersecurity industry. It’s a concerted effort meant to leverage existing expertise and foster a highly collaborative approach. Peraton’s expertise in system engineering, space technology, and cyber security has driven revolutionary advancements that have helped provide security against ever-evolving threats in the US and beyond. At the heart of Peraton’s success lies collaboration. Strategic partnerships with government agencies and industry counterparts have been pivotal in driving transformative initiatives. The timeliness of this technical assistance, therefore, could not be overstated.
Over the next year, there will be multiple follow-up visits from the Peraton team. The primary goal of each visit will be to move further away from our current state to what would be deemed an ideal state. Presently, the team is unpacking the information gathered from different sources. This analysis will then serve as a foundation for developing an action plan comprised of multiple-level tiers. The recommended strategies will span from project-specific interventions to broader-scale initiatives that will require the involvement of governmental and regulatory authorities, given that this venture aims to positively impact our entire health sector and the nation as a whole.
As an organization, we are aware that changes won’t happen overnight, but sometimes the smallest step in the right direction ends up being the biggest. In our case, the hope is that it will be the safest too.
