COVID-19 changed life as we knew it, and few understand that better than those working in the health care industry. Business as usual turned to chaos as the virus led to overrun hospitals, overworked staff, and a surge in cyber crime as criminal hackers took advantage of a sidetracked medical industry.
This is a guest article written by Jori Hamilton. The author’s views are entirely her own and may not reflect the views of IT Governance USA.
Although the vaccines appear to be working, 2021 is proving to be just as challenging as 2020. Hospitals are still busy, and we also have a rise in the use of telehealth as patients look for health care from their homes.
Cybersecurity is more essential than ever, and there are a few new threats that you’ll want to keep an eye on. Let’s look at the potential issues and how your medical practice can protect the rights and data of your patients and staff.
Cybersecurity in health care
The issue of cyber crime in the health care industry is not one that can be taken lightly. Not only are health professionals bound by HIPAA (the Health Insurance Portability and Accountability Act) and the HIPAA Security Rule, but they also owe it to their patients and their bottom line to keep cyber criminals out of their organization. Every stolen record can cost an organization $146 a pop, and it may not have the funds to recover.
Experts are predicting a rise this year in the number of ransomware attacks, in which the crooks hold the network hostage, thereby halting any medical work, and threaten to publish private patient information unless the ransom is paid. Criminal hackers are aware that medical organizations will be quicker to pay up now than they were before the COVID-19 pandemic so they can get back to treating their patients.
The uptick in ransomware attacks means that medical establishments will need to be more proactive in securing their data. All patient and hospital data must be backed up regularly so that even if a cyber attack does occur, you can restore the data. And with staff continuing to work remotely, sometimes from public places like coffee shops, they will have to be extra careful to secure their devices and avoid using unsafe Wi-Fi networks.
Telehealth introduces vulnerabilities
While telehealth and online screenings have been around for a while, the COVID-19 pandemic saw a surge in the use of these digital services. It’s a trend that won’t be going away anytime soon. A study from June last year found that 83% of patients plan to continue using telemedicine even after the pandemic subsides. While these services are great for those in rural areas or older age groups, the data and information shared over the Internet is ripe for the taking by cyber criminals.
Criminal hackers have many methods of stealing information during these telehealth sessions, and the data they obtain can be very valuable. Many will attempt to steal your login information so they can either sell it on the black market or use it to log in, listen to your calls, and then use the details shared between you and your patient for malicious purposes.
To protect your login details, use a password that incorporates upper-case and lower-case letters, numbers, and special characters, and update the password regularly.
Any customer information that is documented or recorded during these calls must also be protected, as any intrusion could allow an unauthorized individual full access to your systems. To that end, all work devices should be protected with antivirus software, and vulnerability scans should be run weekly. Software patches and updates should also be applied by the IT team on all company devices to ensure they are equipped with the best protection against viruses and malware.
Health care security must improve
Recent security incidents are a wake-up call for the health care industry, and new processes will be required to meet the challenge. The industry is notoriously bad at cybersecurity, as many health professionals believe they should be spending more time saving lives than worrying about issues like password protection. The problem is severe: 18% of health care employees admitted that they would sell patient data for profit.
This attitude needs to change, and the first step will be creating a crisis management plan. This plan can cover any number of disasters, from system failures to data breaches, and should list what action each individual is responsible for to mitigate the damage. The plan for a data breach, for example, should include:
- Determining the extent of the damage
- Notifying patients who were impacted
- Taking the proper steps to patch any vulnerabilities so it doesn’t happen again
Another reason health care is more susceptible to cyber threats is that organizations often suffer from a lack of resources and funding needed to hire security experts. To meet this need, many health care organizations are moving their data and systems to the Cloud.
With Cloud computing, all data can be accessed from one spot. Cloud providers also employ their own security experts, who can watch and protect your data at their end so the medical professionals can focus on their patients.
One positive that came out of 2020 was the realization by health care agencies that they needed to make a change. As health care organizations improve their security, they will make their employees’ jobs easier and better protect the rights of their patients.