"Healthcare is one of three industries facing the highest risk of a cyber-attack in 2017," reports Fierce Healthcare. In fact, every month the healthcare system already faces at least one cyber attack.
It's common for cyber security to feel like an almost insurmountable problem -- especially when even the government is struggling to keep us safe from hackers. Is there anything that a hospital administrator can do to keep patients, records, and providers safe? We think there is -- and we believe the best place to start is with three fairly simple security tactics.
Nationwide, there are some big threats to cyber security in healthcare that may need a nationwide solution. In fact, it is one of HHS's top challenges for 2017. Some of the biggest threats to healthcare cyber security include ransomware, hacking, the Internet of Things, and internet use that just doesn't comply with security standards.
That said, there is significant "low-hanging fruit" when it comes to shoring up a hospital's cyber security. In fact, some of the most common and costly issues are simple to prevent. They might not be flashy or involve a 5-year plan, but they are likely the ways to keep your patients and providers safe from the most common threats they face.
Three simple cyber security issues that should be first on every hospital's list to fix:
- BYOD for texting. The fact is, every healthcare provider has a smartphone in his/her pocket. So the question isn't whether a provider is effectively using a "Bring Your Own Device" (BYOD) policy -- it's whether she is doing it in a way that is HIPAA compliant. Texting isn't HIPAA compliant, using your phone's camera roll isn't HIPAA compliant, and storing data on the device is a huge breach. But there are ways to have a BYOD policy that is HIPAA secure.
- "Smart devices" that aren't that smart.
"Smart devices" like blood pressure monitors, baby monitors, smart scales, etc. can be entry points for a cyber attack, since their security is often much less sophisticated than the security on a smartphone or computer. So that costly hardware acquisition plan can have some significant downsides if every single device isn't as secure as the computers inside the hospital building. Our recommendation remains -- invest in updateable software, and use the (already secure) devices and hardware you have.
- Poor HIPAA compliance.
The cost of a single HIPAA data breach is now $4M per incident. We still have so many colleagues who say "it's just easier to text or email" with colleagues about patients -- an approach that is obviously not HIPAA compliant and puts the individual provider at personal financial and professional risk. Supporting providers in being HIPAA-smart is probably the single biggest way to stay safe.
Do we need a nationwide plan to stay safe from cyber attacks, especially when it comes to our healthcare system? Yes. But in the years that plan will take to form, it's crucial to protect your hospital from the most likely culprits, now.
We published a free whitepaper on using a BYOD policy while also keeping devices -- and your hospital -- secure. Download it here: