An increasing amount of sensitive information is being stored online by more people, and this includes health data. While this makes filling your prescription or accessing your records more convenient, it also means hackers have an easier time accessing private data from more sources.
Maintaining security online is becoming increasingly important as data breaches happen with escalating frequency and devastation. Massive security breaches came one after the other last year, like the gargantuan Yahoo and Equifax attacks, which leaves an ominous feeling hanging over 2018.
Leaking email addresses and passwords is bad enough, but a massive breach of medical information could wreak havoc on millions of lives. To prevent, or at least mitigate, any future damage, we need to understand the role that cybersecurity plays in the healthcare industry, how to prevent potential breaches, and what to do if they happen.
Role of Cybersecurity in Healthcare
It should come as no surprise that hospitals, doctor’s offices, and other medical facilities are a popular target — they’re full of sensitive, identifying information, including names, addresses, medical histories, insurance information, and even Social Security numbers. Consider the fact that, generally, the healthcare industry tends to have poor security and you’ll understand why hackers zero in on it.
The increased connectivity between patient and physician or even between different computers in a doctor’s office offers more points of entry. All medical facilities are required to protect this private information from anyone who isn’t supposed to see it, and can be penalized if a breach occurs. According to the University of Cincinnati, “The U.S. Department of Health and Human Services Office for Civil Rights enforces the HIPAA Privacy and Security Rules to investigate complaints and conduct compliance reviews. If the OCR describes the complaint as a violation, the health care facility may be subject to civil and criminal penalties.”
Health care facilities can lose money from paying hefty fines, serve potential jail time, and suffer tarnished reputations. Cybersecurity should be an integral part of healthcare, and if it’s lacking, improving security measures is of the utmost importance for patients and providers alike.
Cybersecurity on the Front Lines
So how do you improve and maintain cybersecurity? It will depend on your needs, as data leaks can happen in a multitude of ways, from phishing scams to hacked emails to unattended devices.
Experts at HealthITSecurity recommend that users take a contextual approach to protect their data and devices by “applying the proper security policies based on what the user is doing, their device, where they are coming in from, and so on.” Users are on the front lines of the battle for cybersecurity; they need more education, tools, and resources to adequately maintain privacy. Luckily, even “simple” protective measures can go a long way.
Two-step authentication is becoming more common, so even if someone does access your account or password, they cannot gain access. Similarly, double-encryption can add another layer of security to websites and emails that contain sensitive information — while hackers may have access to your emails, they still cannot see that private content. Proper password practices are also one of the best ways that users can keep private information safe. And as annoying as it may be, don’t put off your next software update — developers often correct security issues that hackers can exploit if left unfixed.
These small steps are helpful but are only several pieces of the puzzle. For highly sensitive data, you will need stronger and more extensive measures. If you’re in over your head, it’s never a bad idea to hire a professional to help update your current security.
Though many people may not realize how disastrous data breaches are, it’s important to treat cyber attacks as seriously as other threats. According to Arizona State University, some emergency responders receive training on how to deal with cyber threats, how to educate others on cybersecurity, and how to develop programs and processes to help high-risk facilities like hospitals deal with a host of disasters, including cyber attacks. By putting cyber attacks on the same level as other threats, we can begin to prevent and combat it properly.
Dealing with a Breach
Knowledge is power in this situation; get to know your security system and its flaws. If a breach does occur, you will be able to figure out its origin more quickly. Controlling the breach as quickly as possible is crucial. Answer any and all key questions that you can, including: Did it happen externally or internally? How long ago? What can you do, if anything, to immediately stop the breach? Call in professional help if you can’t manage the breach on your own.
Healthcare facilities must follow the HIPAA Breach Notification Rule and alert all affected individuals, the Secretary of the Department of Human Health Services, and possibly the media, depending on the size of the breach. Certain states may have additional breach notification laws.
After you conduct a thorough security audit to discover any additional weaknesses, update all relevant passwords and accounts and restore data from clean backups. Then, focus on helping patients affected by the breach and rebuilding your public image. People will likely be wary of your organization in the wake of an attack, so regaining their trust is vital to recovering from a data breach.
As more sensitive health data is stored digitally, breaches in security are almost an inevitability. Simply hoping that you’ll stay safe is not an adequate way to prepare for or respond to a breach. Unfortunately, one large overhaul of your security will not be enough to stay protected. Continually update your security measures to keep information safe — technology changes quickly, and hackers will figure out ways around current measures. It is a constant and exhausting battle, but one that healthcare providers must fight.