“As of early July, 79 health care privacy incidents have already occurred in 2019”
By the time a network breach is discovered, the cybercriminal is usually long gone – but the effects for health care entities and patients are just beginning. As news stories continue to reveal data breaches across industry sectors, health care is not immune to the actions of cybercriminals. In fact, 48% of all consumer data breaches occur in the health care sector.
As the use of digital health care services such as telemedicine, electronic health records and wearables becomes the new normal in the industry, both providers and vendors need to have a preemptive and proactive cybersecurity plan in place. Technology has transformed the medical supply chain, patient-provider communication and how medicine is administered. Hackers looking to capitalize on highly valuable and sensitive patient and supply information see these new access points as entryways to obtain, sell and even alter this information.
A robust cybersecurity plan that mitigates risk for both providers and vendors includes a highly trained and educated workforce, cyber infrastructure and physical barriers. Here are three top components to consider:
- Educating administrative and operational personnel
Cybersecurity threats are not limited to external sources looking to do harm – internal threats from willing and unwilling participants can cause significant costs and damage an organization’s reputation. Educating employees in administrative and operational roles on how to identify potential threats, including phishing, and on ways to maintain awareness of security is a provider’s and vendor’s best way to protect data as it is collected.
- Building and investing in a cyber infrastructure
As cloud computing has gained popularity in health care, the points of access for cybercriminals are multiplying. Although compliance standards and audits are in place to protect patient and record systems, hesitation to implement a multi-layer cybersecurity infrastructure, due to its potential negative impact on providing timely care, often results in relaxed policies. Investing in a cybersecurity policy that can detect and defend against threats at multiple levels, including those from IoT devices, patient communication and lab results, can obstruct an attack. For example, ensure that encryption is enabled in all email communication, access is restricted outside of the intranet, phones, USBs and PDAs are prohibited from being accessed, and downloading of external files and software is tightly monitored and controlled. However, no matter how much providers and vendors invest in this protection, this infrastructure is only as strong as the organization’s commitment to developing, communicating and enforcing policies that support proper usage. It is also recommended that an annual penetration test be conducted through an external cybersecurity company to identify gaps and risks.
- Creating physical barriers
Organizations that utilize a hybrid system, in which data is hosted on the cloud and physically within the organization, need to create physical barriers in addition to their cyber infrastructure. Setting physical boundaries and isolating highly sensitive areas using access control systems such as biometric and environmental monitoring will strengthen security measures for both providers and vendors. In addition, tight protocols and processes must be in place to ensure that any employees or contractors who are no longer a part of a company have their access to the network and physical environment revoked immediately following their termination.
Having a well-developed plan in place before a breach occurs not only safeguards patient information but also shows stakeholders, patients and the general public that your organization understands and recognizes the threats that the industry faces from hackers. Cybersecurity plans are no longer about if, but when, a hacker attempts a breach.
Contact SYNERGEN Health today to learn more about additional steps that can be put in place to strengthen your compliance and security protocols for your revenue cycle operations.