During the pandemic, cyberattacks on the public health sector increased. In response, the Department of Health and Human Services (HHS), Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) sent out a joint advisory in November 2020 about ransomware targeting the healthcare sector. The three agencies stated that they gathered information about intensified impending attacks on this sector. Their warning included detailed descriptions of ransomware techniques, tactics, and procedures so that healthcare organizations can better protect themselves.
This is also a global phenomenon that has continued into 2021. According to Check Point research covering the first six months of 2021, ransomware attacks worldwide increased by 102 percent affecting more than twice the number of organizations compared to early 2020. From April 2021, the most targeted sector has been healthcare, averaging 109 attempted attacks for every organization each week.
Healthcare Services Need IT Solutions
The solution is not to ditch IT in the healthcare field because IT is now a crucial necessity in providing and managing health services. Hospitals need IT to process and integrate patients’ data as each patient continues to accrue various test results and undergo procedures over time. In many cases, patients do this in different locations and medical facilities through the years. Manual records are a thing of the past. Medical professionals need to access a patient’s entire medical history quickly to enable an immediate and appropriate response. Efficient data processing is also necessary to streamline complicated billing and insurance processes.
Today, health professionals in various fields also need to coordinate with other professionals to serve their patients better. For instance, professionals in mental and behavioral health integrated services need to coordinate with medical professionals, emergency medical services (EMS), social services, and even law enforcement agencies to serve their patients better.
By using a software as a service (SaaS) platform, various health organizations can easily and safely share data and other organizations. This platform is cloud-based, hence, easily accessible by all authorized parties wherever they are. Even those who are out in the field, like EMS paramedics, can log in as needed.
Patient Privacy Protected by HIPAA
The federal Health Insurance Portability and Accountability Act (HIPAA) of 1996, implemented through the HIPAA Privacy Rule, covers all health information sharing and ensures that sensitive patient data cannot be divulged without the patient’s knowledge and consent. Standards are set to protect the patient’s right to understand and control the use of their data. This is balanced with the need to use health information to protect public health.
There are only 12 reasons of national priority where the rule allows protected health data to be disclosed without the patient’s permission. These are when it is required by law and essential government functions, for public health action, to stop or mitigate a severe health or safety threat and concerning victims of neglect, abuse, and domestic violence. It is also allowed in activities on health oversight, law enforcement, administrative and judicial proceedings, and workers’ compensation. Furthermore, it is permitted for deceased persons, cadaver organ donation, and limited public health, research, and healthcare operations.
Cybersecurity Needs Tightening
Healthcare organizations must choose a SaaS provider that offers the highest level of cybersecurity. In addition, they must implement the same standards of cybersecurity in-house. Because health professionals are not in the IT field, they need thorough training in cybersecurity protocols, phishing scams, and other cybercrime tactics. They must be made to understand that cybercriminals can use each individual’s password to infiltrate their entire system and even other systems connected to it. They must, therefore, choose complex passwords, change these frequently, and not share these. They must log out after every use of the system.
During the pandemic, healthcare organizations are busy and even overstretched. Most personnel are overworked and fatigued. This makes them vulnerable to forgetting cybersecurity protocols. It is vital to post reminders beside terminals as constant reminders.
Every healthcare organization must also implement the best practices recommended by the HHS, FBI, and CISA. It must classify information in silos, with sensitive information in a separate server and network from the vast email system. Data must be backed up continuously with the backups located off the network. Audit access to systems so that only those who need access to certain information are authorized for it. Use multi-factor authentication in addition to passwords. Have automated anti-malware scans that are automatically updated.
Healthcare organizations must invest not just financially but also time and effort in cybersecurity. The health system cannot afford a breach in this public health crisis. Too many patients’ lives are at stake.
