Electronic Health Records (EHRs) are credited with improving patient care and care coordination, increasing patient participation in health care decisions, improving health care practice efficiency, and reducing costs of healthcare services. On the downside, EHRs also expose healthcare facilities and medical practices to significantly higher risks of data breach and cyberattacks.
As more personal and medical information is maintained electronically, a larger pool of hackers will be drawn to that information because of its high value in the cybercriminal underground.
The higher cyberattack risk in the healthcare and EHR industries is a function of several factors.
Healthcare facilities stand to lose substantial financial resources when they experience a successful cyberattack. Federal regulators, for example, imposed a $5.5 million fine against Chicago-based Advocate Health Care following that organization’s loss of a large number of patient records that were stored on a personal computer that thieves physically removed from a facility. That fine was in addition to the other costs and expenses that Advocate Health faced to recover the lost data and to establish credit-monitoring services for patients whose records had been stolen.
[pullquote]None of these problems indicate that the cybersecurity situation for healthcare and EHRs is beyond repair.[/pullquote] Healthcare organizations can improve their cybersecurity environments first, by taking stock of the systems and devices in their facilities and adding strong encryption protection over patient data that is generated and stored in those facilities. Those organizations should also adopt a regular program of training healthcare providers in cybersecurity basics. Because EHRs connect different nodes within the healthcare service, sector, organizations should examine supply chains to detect weaknesses and to implement best practices that stand out within those supply chains.
From a technology perspective, healthcare organizations should consider using stronger data authentication routines and “tokenizing” sensitive data, which effectively limits access to that data to a smaller pool of individuals. EHR network access can be made more secure with biometric technology and other login procedures that raise the bar against attempts by unauthorized parties to log in to healthcare networks.
Cybersecurity insurance is the ultimate end game for cybersecurity in healthcare. The cybersecurity insurance industry is barely ten years old, but banks, professional service providers, and large corporations have jumped at the opportunity to insure themselves against the inevitable cyberattacks that they face every day. Healthcare organizations have not been as quick to procure cybersecurity insurance, possibly because healthcare providers have downplayed cyberattack risks. Situations like the Advocate Health data breach and the losses and fines that it spawned are quickly changing this perspective.
Cybersecurity insurance can reimburse healthcare entities for their direct losses from a ransomware attack or data breach. It can also provide compensation for third parties whose data was compromised in the breach and pay at least a portion of the fines that regulatory bodies might impose when a healthcare data breach creates a HIPAA or other healthcare data privacy violation. Most critically, cybersecurity insurance can keep a healthcare facility up and running to enable care providers to continue to provide necessary services to their patients.
For more security-related stories and information from us here at Bit Rebels, click here.
Evan Ciniello’s work on the short film "Diaspora" showcases his exceptional ability to blend technical…
It’s my first time attending the BOM Awards, and it won’t be the last. The…
Leather lounges are a renowned choice for their durability and versatility. In the range of…
Charter jets are gaining in popularity, as they allow clients to skip the overcrowded planes…
Cloud computing has transformed how businesses operate, offering flexibility and efficiency at an unprecedented scale.…
Live betting is the in thing in the online betting industry. The ability to place…