Cybersecurity Lessons, You Shouldn't Learn Them the Hard Way

Published in Member Communities on October 08, 2018

As a healthcare professional, you tell your clients to take preventative steps with regard to their health. Are you taking this same advice when it comes to protecting their data? As a major US industry, healthcare is a top target for criminals looking to steal protected data. Unfortunately, it is also one of the top industries falling behind when it comes to cybersecurity.

While there are a variety of reasons for this, what we want to focus on in this blog is the importance of constantly securing patient data against possible cyber-attacks. Here are a few real-world examples of what can happen when healthcare organizations don’t follow proper data protocol:

1. Don't Put Off Software Updates

Procrastination and cyber protection do not belong in the same sentence. It is incredibly important to stay on top of updates for all of your devices in order to make them impregnable to hackers. Delaying updates puts your devices and data at risk.

Lesson: Misfortune Cookie was discovered in 2014, but it was not addressed by those using medical gateway devices until this year, when it became a major issue. Without an update, a hacker could gain admin-level privileges on medical devices. Even the update will not apply to some versions, and we can only hope that those hospitals will disable those web servers. Not patching vulnerabilities when they are first recognized will allow this to happen again and again.

2. Make Sure Your Devices and Important Documents Are Password Protected

A large part of complying with this is employee training. In healthcare facilities, employees at many different levels have access to Protected Health Information. Typically, it is accessed on thousands of different devices throughout the building. These devices keep patients alive and hold records of vital health information that criminals would love to exploit.

This is why ramping up your security measures is so important. We recommend reiterating to employees how important security is to patient lives and implementing multi-factor authentication.

Lesson: The University of Mississippi Medical Center agreed to a $2.75 million HIPAA settlement. They incurred a data breach that impacted 10,000 individuals because of poor password protection. A password-protected laptop was stolen by a hospital visitor who was able to easily gain access to thousands of files. If they had taken the proper password and physical security measures, this risk could have been eliminated.

3. Continuously Perform Risk Assessments

Cybersecurity is not a one-and-done deal. As attackers change their tactics to commit crimes against you and your patients, you need to continually adjust your defenses. Procrastination and cyber ignorance are your enemies. You want to have an IT partner who is an expert in assessing your risks. They should be monitoring, analyzing and detecting threats to your institution and providing timely solutions.

Lesson: St. Elizabeth Medical Center paid a settlement of $218,400 because of HIPAA violations. Staff used a cloud-based file-sharing application that was never evaluated, which put 500 patients’ PHI at risk. If they had been continually conducting risk assessments, this could have been avoided.

We sincerely hope that you never have to learn these lessons the hard way. Contact us today for a proactive Vulnerability Assessment to determine your risk landscape.

