Cybersecurity Lessons, You Shouldn't Learn Them the Hard Way

Published in Member Communities on October 08, 2018

As a healthcare professional, you tell your clients to take preventative steps with regard to their health. Are you taking this same advice when it comes to their data protection? As major players in US industry, healthcare organizations are a top target for criminals looking to steal protected data. Unfortunately, healthcare is also one of the top industries falling behind when it comes to cybersecurity.

While there are a variety of reasons for this, what we want to focus on in this blog is the importance of constantly securing patient data against possible cyber-attacks. Here are a few real-world examples of what can happen when healthcare organizations don’t follow proper data protocol:

1. Don't Put Off Software Updates

Procrastination and cyber protection do not belong in the same sentence. It is incredibly important to apply updates promptly to all of your devices so that known vulnerabilities are closed before attackers can use them. Delaying updates puts your devices and data at risk.

Lesson: Misfortune Cookie was discovered in 2014, but it was not addressed by those using medical gateway devices until this year, when it became a major issue. Without an update, a hacker could gain admin-level privileges on medical devices. Even the update will not apply to some versions, and we can only hope that those hospitals will disable those web servers. Not patching vulnerabilities when they are first recognized will allow this to happen again and again.

2. Make Sure Your Devices and Important Documents Are Password Protected

A large part of complying with this is employee training. In healthcare facilities, employees at many different levels have access to Protected Health Information. Typically, this information is accessed on thousands of different devices throughout the building. These devices keep patients alive and hold records of vital health information that criminals would love to exploit.

This is why ramping up your security measures is so important. We recommend reiterating to employees how important security is to patient lives and implementing multi-factor authentication.

Lesson: The University of Mississippi Medical Center agreed to a $2.75 million HIPAA settlement. They incurred a data breach that impacted 10,000 individuals because of poor password protection. A password-protected laptop was stolen by a hospital visitor who was able to easily gain access to thousands of files. If they had taken the proper password and physical security measures, this risk could have been eliminated.

3. Continuously Perform Risk Assessments

Cybersecurity is not a one-and-done deal. As attackers change their tactics to commit crimes against you and your patients, you need to continually adjust your defenses. Procrastination and cyber ignorance are your enemies. You want to have an IT partner who is an expert in assessing your risks. They should be monitoring, analyzing and detecting threats to your institution and providing timely solutions.

Lesson: St. Elizabeth Medical Center paid a settlement of $218,400 because of HIPAA violations. Staff used a cloud-based file-sharing application that had never been evaluated, which put 500 patients’ PHI at risk. If they had been continually conducting risk assessments, this could have been avoided.

We sincerely hope that you never have to learn these lessons the hard way. Contact us today for a proactive Vulnerability Assessment to determine your risk landscape.

