Top 4 Cybercrime Threats To Long Term Care Facilities
If you’ve been working in the healthcare sector for more than a decade, then you know how much technology has changed the world over that time.
The way you store and access health care information, the use of interconnected medical devices, etc. – it has all contributed to a higher quality of care, benefitting both the healthcare professional and the patient.
However, just as technology helps the healthcare industry through the convenience of data storage and access, it also presents serious cybersecurity risks.
To put it simply: the easier it is for you to access Protected Health Information (PHI), the easier it is for cybercriminals to do so as well. Don’t make the mistake of assuming that you aren’t a target just because you’re not a major hospital or a more active medical practice – data is data. If you’re an easy target, cybercriminals will find you.
If you want to take advantage of the benefits that modern healthcare technology has to offer, then you have a responsibility to make sure it’s properly secured against today’s more common cybercrime threats.
Not only is it a matter of HIPAA compliance (i.e. the Security Rule) but it’s also your duty to the residents in your long-term care facility.
What Are The Main Threats You Need To Protect Against?
- Vendor-Based Vulnerabilities
No matter how secure your systems may be, you also need to think about the vendors you work with. If they have access to your data, then they’re considered a part of your systems – their vulnerabilities are your vulnerabilities.
This is detailed in HIPAA – you need to have business associate agreements in place, detailing their obligation to protect your PHI. Even though you may have all your business associate agreements set up, you should still make sure to assess your third parties’ cybersecurity from time to time.
Double-check that PHI access is limited to the absolute minimum required for the business relationship and that they meet HIPAA security standards.
- Networked Medical Devices
The more that medical technology becomes connected, the easier it is for cybercriminals to spread malware from one device to another. For well over half a decade, the government and other involved organizations have called for greater cybersecurity to be built into medical devices.
The key issue is that medical device developers are slow to release security patches for their devices, which leaves them vulnerable to attack. Given how many devices are often in place at a given healthcare organization, this presents a serious risk. Make sure to only use these devices if absolutely necessary, in order to limit your exposure.
- Mobile Vulnerability
While it may be convenient for your staff to use smartphones for work, it’s not always secure. As this is a relatively new technology, new vulnerabilities are discovered on a regular basis – any of which can be used by cybercriminals to threaten long-term care facilities like yours.
If you’re going to allow smartphone use for work, then make sure you have a Bring Your Own Device (BYOD) policy – an organizational policy that dictates how your staff members use their personal devices for work purposes, prioritizing security above most other concerns.
- Ransomware
Perhaps the most well-known threat to the healthcare world is ransomware. It’s been years since the WannaCry ransomware strain struck on the evening of May 11th, 2017, encrypting the data of thousands of healthcare organizations in the UK (including the entirety of the National Health Service) and holding it for ransom. By the end of the weekend, WannaCry had infected thousands of networks in over 150 countries around the world.
In order to protect your facility, make sure you have a viable data backup solution in place. That way, it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup and data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
- Back up data on a regular basis (at least daily).
- Inspect your backups to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
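
One way to automate the first two checks in the list above is shown below, as an added example that is not part of the original article. The function names, file names and manifest layout are hypothetical; it assumes a manifest of SHA-256 hashes is written at backup time and kept apart from the backup itself.

```python
import hashlib, json, os, tempfile, time
from pathlib import Path

MAX_AGE = 24 * 3600  # seconds; the "at least daily" rule from the list above

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(backup_dir, manifest_path):
    """Run right after a backup: record a SHA-256 for every file it contains."""
    root = Path(backup_dir)
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    Path(manifest_path).write_text(json.dumps({"created": time.time(), "files": files}))

def verify_backup(backup_dir, manifest_path, now=None):
    """Return a list of findings; an empty list means fresh and unmodified."""
    manifest = json.loads(Path(manifest_path).read_text())
    findings = []
    if (now or time.time()) - manifest["created"] > MAX_AGE:
        findings.append("STALE: newest backup is older than 24 hours")
    for rel, expected in manifest["files"].items():
        path = Path(backup_dir) / rel
        if not path.is_file():
            findings.append(f"MISSING: {rel}")
        elif sha256_file(path) != expected:
            findings.append(f"MODIFIED: {rel}")
    return findings

def demo():
    """Constructed sample data: a tiny backup set, checked, damaged, then re-checked."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp, "backup")
        backup.mkdir()
        (backup / "residents.db").write_bytes(b"constructed sample records")
        (backup / "schedules.csv").write_bytes(b"constructed,sample,rows\n")
        manifest = Path(tmp, "manifest.json")  # in practice: kept off the backed-up network
        write_manifest(backup, manifest)
        clean = verify_backup(backup, manifest)
        (backup / "residents.db").write_bytes(os.urandom(32))  # contents replaced
        (backup / "schedules.csv").unlink()                    # file lost
        damaged = verify_backup(backup, manifest, now=time.time() + 2 * MAX_AGE)
        return clean, damaged

if __name__ == "__main__":
    print(demo())
```

A hash check only shows that the backup files have not changed since they were written; a periodic test restore is still needed to confirm the data is usable.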
Don’t make the mistake of assuming your long-term care facility is low-profile enough to avoid a cybercriminal’s crosshairs. If you’re an easy target, they will find you.