Recent years have proven that cybersecurity is becoming more and more important for businesses across the nation — and healthcare facilities are no exception.
According to Becker’s Hospital Review, data breaches cost the national healthcare industry about $5.6 billion annually, and in 2016, there was an average of about one data breach per day that affected more than 27 million patient records. Financial entities once took the brunt of cybersecurity issues, but according to Jason Spano, Director of Information Technology for Prowers Medical Center, there seems to be a recent shift in focus to healthcare.
“I think the biggest contributing factor is the financial sector has been under attack for so long, they are doing a better job with security,” he explained. “Hospitals and others in the healthcare vertical have been struggling to update antiquated systems to help thwart the bad guys.”
Cyber-attackers don’t usually plan huge, elaborate schemes, but rather take the easiest route to obtaining patient information. Common threats healthcare facilities face regarding cybersecurity include social engineering, phishing attacks, cloud attacks, misleading websites, employee error and more.
“With the implementation of HIPAA and the HITECH Act, some of the issues in cybersecurity are trying to secure a system that is mandated to be open and shareable,” Spano said. “Legislation is pushed through saying information needs to be easily accessible to the right people, but at the same time, it needs to be kept out of the wrong hands.”
In a day and age in which everything is digital and personal information is vulnerable to potential exposure, is it possible to keep patient information well-protected? The answer is yes, but healthcare facilities need to invest more in cyber-protection than they’ve ever needed to in the past.
“When the general public thinks about hacking and cybersecurity, they picture a guy in a hoodie sitting in a dark room with green text flying by on his laptop,” Spano said. “That is very rare in the world.”
Prowers Medical Center is tackling this issue by implementing several cybersecurity strategies, Spano said. For one, all new hires are required to go through cybersecurity training, specifically for phishing attacks, and there are mandatory refresher courses and emails sent to long-time employees throughout the year. If an employee falls for a phishing scheme, there’s potential for a lot of damage: for example, important computer files could become encrypted, meaning staff would completely lose access to them.
“Phishing attacks are getting better at looking like legitimate e-mails,” he said. “The nefarious individuals on the other end will scrape the organization’s website for names, e-mail addresses, phone numbers, logos, projects going on and more to tailor a phishing campaign that has a high likelihood of getting some clicks.”
Prowers Medical Center also upgraded from a single-firewall system to a multi-firewall system, and the IT team has implemented anti-virus and anti-spam tactics for hospital staff email as well as a web filter to help keep most issues at bay. These are only a few of the many ways the hospital is helping its patients feel safe and secure when providing their personal information.
Spano offered some tips to help patients feel more at ease in regard to cybersecurity. First, be wary of emails with links and attachments. Hover over the links to find out exactly where they lead, and pay close attention to the spelling in URLs and links.
“For just a few dollars, someone can buy a domain name that might look like a reputable website, but instead be a link to a nefarious site,” Spano explained. “With attachments, ask yourself if this is something you would expect to get from this person at this time. If you can, call the person before opening it to ask if it is legitimate.”
Second, make sure to constantly back up your computer and to keep all important data in two different places.
“If the original is on your hard drive, keep another copy on a portable hard drive that you leave disconnected from your computer except for when adding files,” Spano said. “Or, use one of the many free cloud storage sites as your backup.”