Cybersecurity Lessons, You Shouldn't Learn Them the Hard Way

Published in Member Communities on October 08, 2018

As a healthcare professional, you tell your clients to take preventative steps with regard to their health. Are you taking the same advice when it comes to protecting their data? Healthcare is a major US industry, and healthcare organizations are a top target for criminals looking to steal protected data. Unfortunately, healthcare is also one of the top industries falling behind when it comes to cybersecurity.

While there are a variety of reasons for this, what we want to focus on in this blog is the importance of constantly securing patient data against possible cyber-attacks. Here are a few real-world examples of what can happen when healthcare organizations don’t follow proper data protocol:

1. Don't Put Off Software Updates

Procrastination and cyber protection do not belong in the same sentence. It is incredibly important to apply updates to all of your devices promptly in order to harden them against hackers. Delaying updates puts your devices and data at risk.

Lesson: Misfortune Cookie was discovered in 2014, but it was not addressed by those using medical gateway devices until this year, when it became a major issue. Without an update, a hacker could gain admin-level privileges on medical devices. Even the update will not apply to some versions, and we can only hope that the affected hospitals will disable those web servers. Failing to patch vulnerabilities when they are first recognized will allow this to happen again and again.

2. Make Sure Your Devices and Important Documents Are Password Protected

A large part of complying with this is employee training. In healthcare facilities, employees at many different levels have access to Protected Health Information. Typically, this information is accessed on thousands of different devices throughout the building. These devices keep patients alive and hold records of vital health information that criminals would love to exploit.

This is why ramping up your security measures is so important. We recommend reiterating to employees how important security is to patient lives and implementing multi-factor authentication.

Lesson: The University of Mississippi Medical Center agreed to a $2.75 million HIPAA settlement. It incurred a data breach that impacted 10,000 individuals because of poor password protection. A password-protected laptop was stolen by a hospital visitor who was able to easily gain access to thousands of files. If the center had taken the proper password and physical security measures, this risk could have been eliminated.

3. Continuously Perform Risk Assessments

Cybersecurity is not a one-and-done deal. As attackers change their tactics to commit crimes against you and your patients, you need to continually adjust your defenses. Procrastination and cyber ignorance are your enemies. You want to have an IT partner who is an expert in assessing your risks. They should be monitoring, analyzing and detecting threats to your institution and providing a timely solution.

Lesson: St. Elizabeth Medical Center paid a settlement of $218,400 because of HIPAA violations. Staff used a cloud-based file-sharing application that was never evaluated, which put 500 patients' PHI at risk. If the center had been continually conducting risk assessments, this could have been avoided.

We sincerely hope that you never have to learn these lessons the hard way. Contact us today for a proactive Vulnerability Assessment to determine your risk landscape.

