As we’ve mentioned before, cybercrime is a huge threat to healthcare, costing the industry over $6 billion annually. This elusive danger goes deeper than the monetary damage though.
Hackers can hijack valuable data from facility computer systems in ransomware attacks, sell patient insurance information to enable medical identity theft, or tamper with medical devices, like heart defibrillators and insulin pumps, which could put patients in critical condition or even result in death. Worse yet, recent trends indicate that this problem will only grow in the years to come if facilities don’t take action now.
The situation is bad—but far from hopeless. There are several things healthcare facilities can do to prevent cyberattacks. Here are just a few ways to protect patients and providers alike from these threats.
1. Identify patients at risk. Since Medicare and Medicaid use Social Security numbers for identification, the people most likely to fall victim to medical fraud are the elderly and those of lower socioeconomic status (SES). Be aware of these factors, and advise your patients against sharing their personal information, even with family members, as the majority (60%) of medical fraud cases were instigated by someone close to the victim.
2. Ensure your staff is trustworthy. Patients at risk aren’t the only people to identify. Oftentimes, cybersecurity breaches are an inside job. Facility leaders need to have their staff undergo rigorous screening processes to ensure the trustworthiness of each employee. Another tactic would be having a hospital care investigator on staff to prevent medical fraud. These professionals can detect suspicious medical assistance applications for further investigation.
3. Hire more IT personnel. A $445 billion business, cybercrime is as illegal as it is lucrative, which is why the industry attracts a lot of talent. There’s a stark disparity between the number of cybercriminals and the number of cybersecurity professionals. The shortage applies to every industry but is particularly evident in healthcare, simply because security wasn’t a priority there until the last couple of years. As cybercriminal organizations become more prevalent and sophisticated, the need to fortify digital systems is pressing. Every healthcare facility needs a strong IT team to keep its data secure.
4. Keep software updated. Update notifications may seem like more of a nuisance than an aid, but any time you get one, it’s best to run the installation. These updates do more than just help your device run more quickly and efficiently. They’re crucial for fixing bugs that would make the device vulnerable to hackers. In fact, these flaws are a common entry point for ransomware. Be smart, even if it feels inconvenient in the moment, and always keep your software updated.
5. Have a backup. In the case of ransomware, hackers encrypt valuable files so that their owner no longer has access to them, holding the information hostage until the perpetrator is paid. That’s why backing up your files regularly is so important. If a cybercriminal strikes, your data won’t be in jeopardy. Also, it’s imperative for facilities to have an information technology disaster recovery plan (IT DRP) to keep operations running smoothly in the event of a breach.
Implementing these steps isn’t just smart but necessary, for the present and especially for the future. Otherwise, you may become one of the ever-increasing number of targets for cybercriminals. The risks are too dire to ignore, and the last thing you want is for your patients or staff to suffer because of negligence.
The fact that the threat is unseen and intangible makes it all the more menacing. With these steps, however, it can be beaten. The stakes are too high—for you, your facility and the people who entrust you to care for them—not to fight.