Rhapsody Health Solutions Team

How the top 10 cybersecurity concerns impact integration and interoperability

March 22, 2018

Session 139 at HIMSS 2018, 10 Challenges in Managing Medical Device Cybersecurity, reviewed the top 10 technology hazards in healthcare IT for 2018 released by the ECRI Institute. While the focus of the presentation was geared towards medical device security, many of these challenges exist for integration technologies as well.

Patch management

Not surprisingly, patch management was near the top of the list. Patch deployment can directly impact patient care if patches to the most recent threats are not deployed in a timely fashion. This requires a patch deployment strategy, with regular patching processes in place. Patch implementation must evaluate clinical care impact – ideally vendors will have solutions to allow patching with little to no downtime. In addition, having a process for critical patching with no downtime is essential as well. Corepoint Integration Engine’s high availability feature, Assured Availability, ensures that no data is lost during planned or unplanned downtime.


Also near the top is the necessity to keep legacy technologies secure. This can be a big challenge because technologies designed five years ago likely did not place a premium on security. Ideally, vendors allow for upgrades that are not disruptive to clinical workflows. However, if upgrading is too difficult or even not possible, the security risk must be weighed against the clinical need of the technology.

From an integration standpoint, a non-functioning integration engine can bring down all the data flow in a health system if it is not updated and secured properly. Read: Improve PHI security using a modern interface engine.

Server management

In addition to securing the application, providing proper security for the servers they run on is just as important. It is important that the application run on operating systems that are still being updated for the latest security attacks. It is also imperative that the application be compatible with antivirus software protection. Ideally, a virtual environment would be preferred over a physical requirement, thus simplifying server management.

Remote access

If remote access is required for support, maintenance, or analytics it can provide a security hole to the server and application. Unsecure external communications should be strictly avoided. This would include default service passwords and unsecured transports. Remote access should be limited to VPN or encrypted transports such as TLS, and passcodes should be temporary or have an expiration.

Security was more widely discussed at HIMSS18 than in previous years. Recent ransomware attacks have certainly contributed to the growing emphasis on security. Providers and application vendors must stay on top of the latest technologies and processes to keep patient data safe and available.

These are four of the key challenges discussed in the session as they apply to integration technologies.

Related Blogs

Rhapsody Health Solutions Team

Opening a digital front door that removes friction between patients, providers, and payers with trusted, actionable data

Geisinger shares they’re freeing up resources, boosting efficiency, and transforming how healthcare data is used throughout Pennsylvania with Rhapsody integration and identity solutions

Read more

Gevik Nalbandian

Why patients should own their data

It’s time to flip the script on healthcare data ownership and take a patient-centric approach.

Read more

Jamie Light

Chief Strategy Officer shares data interoperability expertise on US and UK health digitization debate

Drew Ivan discusses the constant need for interoperability following any health digitization with HIMSS CEO, Hal Wolf and Healthcare World’s Steve Gardner.

Read more