This week I reached out to three leading players in the Health IT space — Jono Noy from Noytech, Jim Doumakis from Jose Health IT and John Drummond from CyberSquad IT Consulting.
I asked them what advice they have for general practices on cyber security and cloud-based vs on-site data in 2018. I also asked them to provide their predictions on the future of IT in healthcare and to comment on the most common issues they currently see in clinics.
What are some common IT issues you saw in clinics in 2017?
“Security was probably the most significant concern as well as the least understood. The onset of Ransomware infections — a malicious software that threatens to publish the victim’s data or block access to a site unless a ransom is paid — has affected many clinics who could have easily avoided the trap”.
Jono Noy, Noytech
“I saw a general lack of understanding in security requirements and disaster recovery. The best way around this is education so staff can develop their own procedures to minimise risk”.
Jim Doumakis, Jose Health IT
“One of the most common scenarios I encountered in general practice was unmanaged IT systems. I often came across systems that had no ‘patch management’, no antivirus and security monitoring/reporting, no disaster recovery testing and no maintenance plan. All of which mount up to be a huge risk”.
John Drummond, CyberSquad IT Consulting
What advice do you have for general practices around cyber security in 2018?
“There are two main things staff can do easily. (i) Passwords – A decent password is an absolute must, especially where clinics provide doctors/staff remote access from home. It’s worth noting that these days password length is considered more important than complexity. An 8 character complex password can still be cracked in hours, while just a few more characters can take a hacker years. And of course, don’t save passwords in remote access shortcuts. (ii) Emails – Learn to identify a phishing or spam email. An email alone cannot easily infect your computer or network. Phishing emails usually require you to open an attachment or click on a link which in turn downloads an infected file. In most cases the easiest way to check the email’s legitimacy is to check the sender’s email address. Although the name might appear legitimate the actual address is rarely from the provider”.
Jono Noy, Noytech
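The sender check described in the answer above can be automated on a mail gateway or in a triage script. The following is an added example, not part of the interview: it compares the display name of a From header with the address actually behind it. The allow-list, provider names and domains are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed allow-list: a keyword expected in the display name, mapped to the
# domains that sender really uses. Names and domains are placeholders.
EXPECTED_DOMAINS = {
    "pathlab": {"pathlab.example"},
    "clinic software": {"clinicsoft.example"},
}

def _in_domain(domain, allowed):
    # Exact match or a true subdomain; "pathlab.example.evil.test" must fail.
    return domain == allowed or domain.endswith("." + allowed)

def check_sender(from_header):
    """Return 'ok', 'mismatch', 'unknown' or 'unparseable' for a From header."""
    name, address = parseaddr(from_header)
    if "@" not in address:
        return "unparseable"
    domain = address.rpartition("@")[2].lower()
    # Display name is itself an e-mail address on a different domain.
    if "@" in name and name.rpartition("@")[2].strip().lower() != domain:
        return "mismatch"
    # Display name claims a known sender but the address is somewhere else.
    for keyword, domains in EXPECTED_DOMAINS.items():
        if keyword in name.lower():
            ok = any(_in_domain(domain, d) for d in domains)
            return "ok" if ok else "mismatch"
    return "unknown"

# Constructed sample headers, one per case.
SAMPLES = [
    "Pathlab Results <results@pathlab.example>",
    "Pathlab Results <results@pathlab.example.mail-billing.test>",
    '"accounts@pathlab.example" <pay@mail-billing.test>',
    "Jane Citizen <jane@patient-mail.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):12} {header}")
```

A result of "unknown" means only that the display name matched no listed sender; it is not a verdict that the message is safe.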
“I’d say clinics need to lock down their environment and really understand the key requirements of their networks. Again this really comes down to educating staff on their systems”.
Jim Doumakis, Jose Health IT
“Many of the practices I visit run desktop antivirus applications with the belief that this will protect them from viruses, malware, security breaches, hacking etc. The reality is that the people behind these attacks are highly organised and their methods have become very sophisticated. Desktop antivirus will not protect your GP clinic, full stop. Depending on your IT infrastructure I would recommend nothing less than a hardware-based threat management device. A threat management device is a physical piece of equipment that sits between your internet (outside world) and your internal IT network. It inspects every packet of data going in and out of your clinic, and often blocks malicious emails and websites, intruder hacking attempts etc. Another big risk is if your staff have the clinic WiFi password. This should never be permitted as it allows staff to connect their potentially unsecure devices directly to your network. I have even visited clinics that let patients access their internal WiFi on a ‘guest network’. This is highly unadvised”.
John Drummond, CyberSquad IT Consulting
What advice do you have for general practices around cloud-based vs on-site data in 2018?
“While moving to the cloud is inevitable for most businesses, don’t assume it’s instantly better. Not yet anyway. While there are plenty of pros to moving to a monthly subscription based model, as opposed to large outlays every few years, there are also plenty of cons too. With the daily threat of new viruses and cyber-attacks, cloud providers are continually updating their systems and security. This can often lead to unannounced changes to software and unpredictable outages. The other thing to be aware of is that many businesses in Australia are still far from being NBN connected and simply do not have an internet connection fast enough to support moving their business to the cloud. If you are considering moving your systems to the cloud talk to an IT provider that is cloud ready and be clear about your motives (i.e. cost saving, simplicity, security, mobility etc)”.
Jono Noy, Noytech
“It really comes down to the business case. The business case needs to justify the infrastructure you use. Generally, if it is mobility then I say cloud is good and if it’s not mobility then in house will generally suffice. But like I said it really does depend on the business case”.
Jim Doumakis, Jose Health IT
“Cloud data (or hosted data) has certainly gained traction over the past 24 months. The hosted systems we are deploying for our clients are currently outnumbering onsite deployments in the realm of 10 to 1. It is now a very rare occasion that we would be looking to deploy physical server hardware onsite at GP clinics. The reality is that it is not financially viable for many clinics to deploy and maintain multiple physical servers onsite. As well as being more cost-effective there are other benefits to the right cloud-based system. As an example your clinic may only have a single physical server responsible for your medical applications and data. This is a single point of failure. If that server malfunctions or is stolen how long will it take to get a replacement server sought and your data restored? In my experience the answer would be days not hours. Cloud hosted systems generally have pools of high-availability enterprise servers. This means your cloud provider can have a server or several servers malfunction and their system will automatically failover to ensure you have zero downtime”.
John Drummond, CyberSquad IT Consulting
What predictions do you have for the future of IT in healthcare beyond 2018?
“Aside from being completely paperless, currently, integration with other systems is still somewhat clunky. As software is further developed, I think the healthcare industry can expect improved integration with state health organisations as well as other doctors. I also predict with the spread of NBN connections, and consequently cloud-based systems, we will see an increase in video/virtual consulting”.
Jono Noy, Noytech
“I believe that the healthcare industry is very much fragmented at the moment but I imagine in a few years there will be consolidation. I also think telehealth is going to play a big part in the future. Already we are seeing a lot more doctors and practitioners using telehealth and I see it going a long way because it can bridge the gap between general practitioners and people in remote areas”.
Jim Doumakis, Jose Health IT
“We are seeing a rapid switch from traditional desktop computers in favour of thin and zero clients. Thin and zero clients are computers that don’t do much processing themselves, but rely instead on an internet connection to a cloud provider to operate. New zero clients are designed to connect to modern cloud-based infrastructure and offer high performance. The benefit for clinics is that zero clients have no moving parts and an almost zero breakdown tendency. They also do not degrade like regular desktop PCs because their performance is 100% reliant on your cloud provider, which should hopefully be performing continual upgrades to keep your IT system running at peak”.
John Drummond, CyberSquad IT Consulting
Contact the Experts
Jono Noy (Noytech): 07 5499 7517
Jim Doumakis (Jose Health IT): (03) 9850 1350
John Drummond (CyberSquad IT Consulting): 1300 300 497