Healthcare has always been a prime target for hackers. It was the seventh-most targeted sector in 2020, up three spots from the previous year [1]. Cyber-attacks put a financial burden on the organization’s bottom line, consume administrative and IT staff’s time, cause a loss of trust with your patients, and, worse, could put their health at risk.

When the country went into lockdown last year, the question for every organization/provider was ‘how are we going to continue to safely treat our patients?’ This issue resulted in a high adoption rate of telemedicine and other health technologies, and while healing your patients should be any health entity’s number-one goal, keeping their information protected should be a close second. Chaos from the pandemic and the shift to digital health left health systems vulnerable, and the number of reported breaches increased 18% compared to the same period last year [2]. However, there are several ways your organization can support remote care and protect patient data. Keep reading below for tips on how to prevent cyber-attacks.

“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note.” — Nick Rossmann

 

Tip #1: Employee Training Sessions

Your facility can only be as safe as the employees who protect it, and human error remains one of the biggest threats to security across all industries. All staff must understand how important cybersecurity is to the business and the patients, and it is management’s job to ensure the team is well aware of the matter. Organizations should schedule mandatory training sessions for all employees to minimize the risk of careless mistakes.

 

Tip #2: Don’t Fall for Suspicious Emails/Phone Calls

If an automated voice calls to tell you there is a problem with your insurance, or you receive an email from someone claiming to be a prince who needs money, it is almost certainly fake. These are easy ways hackers can obtain your personal information. It may sound ridiculous, but people fall for these scams all the time. Hackers can easily disguise their names to match that of a co-worker or business partner. When on your work email or phone, carefully read the sender’s address or caller ID before clicking any ill-advised links or giving out valuable information, as it could put your organization at risk. It is important that staff members recognize and report any suspicious behavior. Some organizations actively phish their employees as a teaching tool [3].

 

Tip #3: Limited Access/Logging Data

Only authorized personnel should have access to personal records, and implementing access controls will limit the number of people inputting and altering data. Staff members should log all modifications of information, even if it is just a small change. That way, when someone sees a change that was not logged, they will know some tampering might have occurred. It is also important to remove access from employees who no longer work for the company. If the story behind the termination was unpleasant, the former employee may go into the system and cause problems as a form of revenge.
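One way to automate both checks from this tip, as an added example that is not part of the original article: it compares current records against fingerprints taken at the last review to find changes with no matching log entry, and flags log entries made by accounts whose owners have already left. The record fields, log layout, account names and dates are constructed for illustration.

```python
import hashlib
from datetime import date

def fingerprint(record: dict) -> str:
    """Stable SHA-256 over a record's fields, used to notice silent edits."""
    canon = "|".join(f"{k}={record[k]}" for k in sorted(record))
    return hashlib.sha256(canon.encode()).hexdigest()

def unlogged_changes(baseline: dict, current: dict, audit_log: list) -> list:
    """IDs of records that were edited, added or deleted with no log entry."""
    logged = {e["record_id"] for e in audit_log}
    changed = {
        rid for rid in baseline.keys() | current.keys()
        if baseline.get(rid) != (fingerprint(current[rid]) if rid in current else None)
    }
    return sorted(changed - logged)

def stale_account_activity(audit_log: list, terminated: dict) -> list:
    """Log entries made by an account on or after its owner's termination date."""
    return [e for e in audit_log
            if e["user"] in terminated and e["when"] >= terminated[e["user"]]]

# --- constructed sample data (hypothetical records, users and dates) ---
LAST_REVIEW = {
    "R1": {"patient": "A. Example", "allergy": "none"},
    "R2": {"patient": "B. Example", "allergy": "penicillin"},
    "R3": {"patient": "C. Example", "allergy": "latex"},
}
BASELINE = {rid: fingerprint(rec) for rid, rec in LAST_REVIEW.items()}
CURRENT = {
    "R1": {"patient": "A. Example", "allergy": "none"},      # untouched
    "R2": {"patient": "B. Example", "allergy": "sulfa"},     # edited and logged
    "R3": {"patient": "C. Example", "allergy": "none"},      # edited, never logged
}
AUDIT_LOG = [
    {"record_id": "R2", "user": "nurse_kim", "when": date(2021, 3, 2)},
    {"record_id": "R1", "user": "jdoe", "when": date(2021, 3, 5)},
]
TERMINATED = {"jdoe": date(2021, 3, 1)}  # account should have been disabled

if __name__ == "__main__":
    print("Changed without a log entry:", unlogged_changes(BASELINE, CURRENT, AUDIT_LOG))
    for entry in stale_account_activity(AUDIT_LOG, TERMINATED):
        print("Activity by terminated account:", entry["user"], entry["record_id"], entry["when"])
```

A log entry for a record only shows that some change was declared, so a real review would also compare what the entry says changed against what actually changed.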

 

Tip #4: Regular Software Updates

Cyber-attacks are constantly evolving, and developers must take action when there is a fault in their program. System updates guarantee the software is performing at its highest level. When software updates are released, everyone is notified—both users and hackers—that there are vulnerabilities in the previous version which can be exploited. Whether it is for a desktop, mobile, EHR, or other IoT-connected medical device, never put off a system update.

 

Tip #5: Use Strong, Different Passwords

A recent report found that 63% of confirmed data breaches involved taking advantage of passwords that were the default, weak, or stolen [4]. Passwords are like the offensive linemen in football; to get to the quarterback (aka the valued data) you have to go through them first. You would not want weak and scrawny guys on your offensive line, so why would you make your password ABC123? Every application and tool should have its own unique and secure login. Organizations must keep this information hidden in a safe place and only allow access to certain personnel. Experts recommend that facilities change these on a regular basis. A strong password is not the ultimate solution to stop hackers, but it will definitely slow them down and discourage them, which may lead to them giving up altogether.

 

Tip #6: Install Firewall and Anti-Virus System

Providers are the most targeted sector of healthcare, accounting for 79% of all reported data breaches [2]. The most common ways attackers hack into small provider offices are through viruses and similar code that exploits vulnerabilities on the machine [5]. Anti-virus systems will help find and eliminate any malicious software inside your system, while a firewall will prevent hackers from entering in the first place. Installing both is a vital part of a secure EHR for both a small provider and a large-scale hospital system.

 

Tip #7: Protect Mobile Devices

It seems as though everything in your home is connected to the internet nowadays, which presents more opportunities for hackers to extract personal information, including your health data. Mobile devices are increasingly taking on a greater role in healthcare, and although their use has been linked to greater patient satisfaction ratings, they have also been a prime source of cyber-attacks. A 2018 survey indicated that 25% of healthcare organizations suffered a mobile-related breach in the last year, with 67% of those deemed “major” [6]. It is important to protect your devices with multi-factor authentication and use strong, different passwords for each app, especially ones that contain valuable information, such as health and finance apps.

 

Tip #8: Backup Everything!

The tricky thing about cyber-attacks is that you can closely follow all these steps and still suffer a data breach. It is important to prepare for the worst even when you are doing your best. All personal files should be backed up regularly off-site in the event of a breach, emergency, or other disaster. Backup data should be protected with the same access controls as the rest of the system.

 

The HIPAA Privacy Rule protects all “individually identifiable health information” possessed or transferred by a covered entity or business associate [7]. This information includes medical records, insurance information, and other private details. Covered entities are to ensure that patient information is secure, accessible only by authorized persons, and used only for authorized purposes. HIPAA’s Security Rule covers cyber-attacks, meaning it is the provider’s responsibility to protect against data breaches by establishing the proper defense strategy.

 

Cantata’s Convergence Platform is a hosted care coordination solution designed to exchange, integrate, and provide data; manage incoming and outgoing referrals; and connect to a network of providers and support secure data sharing. It is a commercial off-the-shelf (COTS) solution, which can be configured to meet the needs of large-scale implementation.

We continually monitor all our internal systems as well as our customer cloud-based applications for abnormal activity that could indicate attempts to infiltrate our systems. We ensure that our firewalls and other network devices are maintained at appropriate software levels and are always monitored for suspicious activity.


REFERENCES:

  1. Davis, Jessica. “Healthcare Cyberattacks Doubled in 2020, with 28% Tied to Ransomware.” HealthITSecurity, HealthITSecurity, 25 Feb. 2021.
  2. Dodson, Dan, and William Crank. “2021 Horizon Report: The State of Cybersecurity in Healthcare.” Fortified Health Security, 2021.
  3. “How to Improve Healthcare IT Cybersecurity.” Change Healthcare.
  4. Davis, Jessica. “Healthcare Cyberattacks Doubled in 2020, with 28% Tied to Ransomware.” HealthITSecurity, HealthITSecurity, 25 Feb. 2021.
  5. “Top 10 Tips for Cybersecurity in Health Care.” Department of Health and Human Services.
  6. Davis, Jessica. “25% Of Healthcare Providers Faced Mobile Device Breach in 2018.” HealthITSecurity, HealthITSecurity, 8 Mar. 2019.
  7. Staff, Incredible Health. “Cybersecurity and Privacy Tips for Medical Information.” Incredible Health, 23 Feb. 2021.

 
