easy steps healthcare organizations can take now to improve cybersecurity
Since electronic medical records (‘EMRs’) were introduced, accessing accurate patient information has never been more convenient. Having quick access to patient’s medical information on a digital platform is starting to become an industry standard; but innovative and efficient technology always comes hand in hand with potential cybersecurity problems. It’s no secret that the last couple of year have been stressful and disastrous, full of security breaches in the healthcare industry. According to the HIPAA Journal, there were 329 reported breaches of 500+ medical records with a total of over sixteen million medical records exposed in 2016, the second worst year of all time behind 2015. It would be no surprise to see 2017 with similar numbers.
Data breaches into a patient’s medical record is a lucrative business for hackers and cyber-criminals, for a variety of reasons. EMRs contain a large variety of information about individual patients, including their name, address, phone number, places of work and positions, ID’s, card numbers, and medical and social insurance. If this information falls into the wrong hands it can be used for identity theft, receiving medical care at the expense of the victim, ordering expensive drugs with the intent to resell, conspiring with an employee at that company to bill insurance companies for non-rendered payments, or simply holding that information ransom to make a quick buck. Besides material losses, stealing patients EMRs can also endanger the victim’s health. Fraudulent actions recorded on the victims EMR due to the criminal can conflict with future treatments or actions, due to a physician possibly being misled by inaccurate information. Regardless of the criminal’s intent, healthcare organizations need to do everything they can to strengthen security and policies, and keep up to date with the best cybersecurity practices.
There are a handful of easy steps organizations can take to reduce their chances of being exposed. One of the biggest steps an organization can take is to limit remote connectivity by offering fewer access points to healthcare data. Restricting BYOD to only organization administered devices is important, it lets your organization control the data, malware/anti-virus protection, and remote data wiping. Blocking tracking cookies and keeping online traffic as invisible as possible will help prevent third-parties from accessing any doors to your network, and restricting employee access to social media and external mail sites on your network is a great idea as well. Choosing third-party technology companies (e-signature, billing software providers, e-prescribing, etc.) to work with your organization is common in healthcare, so it’s also important to choose a provider that meets or exceeds your security expectations. Training your staff, regardless of their department, on cyber protection policies is also another simple and easy step you can take to reduce the risk of a security breach.
It’s commonly accepted that it’s nearly impossible to be 100% protected from security breaches in any organization, but taking a few simple steps is a great start. It immediately reduces the threat of anyone accessing private patient information that could be exploited for financial reasons, or threaten the health and well-being of your patients and staff.