Following a recent wave of ransomware attacks on hospitals and healthcare providers, cyber attacks and the potential hacking of hospital computer systems have become a prevalent concern for all healthcare organizations. The use of ransomware, which attacks medical technology and electronic health records, could result in significant service disruptions, adverse events, and liability – yet many organizations are woefully underprepared.
This was highlighted by a two-year research study by Independent Security Evaluators (ISE) that examined healthcare facilities, data facilities, web applications, and device manufacturers. ISE concluded that healthcare providers and entities are vulnerable to hacking and cyber attacks because they are insufficiently prepared, lack proper technology, underestimate the sophistication of the attackers’ methods, and rely too heavily upon institutional compliance.
Preventing hackers from gaining access to patient information, as well as hospital computers that control crucial facility infrastructure, is critical to avoid loss of business, inconvenience to patients, damage to reputation, and liability risks. Most importantly, understanding how you and your employees can help to avoid these attacks is imperative for successful prevention planning.
Various studies underscore the role of human error in causing data breaches, with some estimating that as many as 95 percent of attacks were precipitated by lack of employee oversight. Educating staff on the risks of downloading, clicking on links, or running unknown USB drives on computer systems will reduce the chance of unwanted intrusions. Other prevention strategies are to: provide security awareness for all employees, block malware at the firewall, install intrusion detection software, schedule regular systems backups, perform a yearly facility risk assessment, and avoid relying solely on encryption for ransomware security protection.
Lastly, to ensure protection against unwanted cyber attacks, C-Suite executives should review and evaluate security budgets and consider allocating funds for preventative measures and software intrusion protection. After all, a proactive approach is always the best means of prevention.
Author Ann Whitehead, RN, JD, is Vice President of Risk Management & Patient Safety at the Cooperative of American Physicians, Inc. (CAP) in its CAPAssurance, A Risk Purchasing Group, program that offers hospitals, large medical groups, and other healthcare facilities access to top-rated liability protection and risk management services.