Cybercrime continues to be a significant concern across many industries, and healthcare is among its biggest targets. A 2018 State of Cybersecurity in Healthcare study by Horizon revealed that 100% of web applications linked to critical health details are vulnerable to attacks. Network penetration results also pointed out that cyber-attackers could easily access domain-level admin privileges of most healthcare applications.
Chronic underinvestment in advanced cybersecurity technologies has left many health care facilities so exposed that they cannot even detect cyberattacks when they happen. While hackers may attack in a matter of seconds, it sometimes takes facilities weeks or even months to detect a breach, contain it and deploy resources to prevent the same attack from happening again.
Cybercriminals target health facilities for a range of reasons, but the main ones include:
- To access personal information (like medical history, social security numbers, pictures, income, etc.), which can be worth a lot of money
- Medical devices are an easy entry point, which makes facilities an easy target
- Caregivers are not educated in online risks
- The range of devices used in health care facilities makes it hard to keep up with security
- Outdated technology exposes facilities to attacks
Verizon’s 2016 Data Breach Investigations Report revealed that most attacks are about money, and cyber attackers often take the easiest route to access the data they need. Sensitive data, like medical records, is highly valued by identity thieves looking to sell identities on the black market. And since health care facilities are an easy target, this explains why they account for 25% of all data breaches annually.
Facilities – including those that specialize in senior care – continue to face threats like:
- Ransomware and malware – where attackers shut down individual servers, devices, or entire networks and demand a ransom.
- Cloud threats – where hackers access health data that’s in the cloud and use it for their own purposes.
- Misleading websites – where attackers create sites with addresses that are similar to reputable sites to lure in unsuspecting users.
- Phishing scams – where attackers send emails from seemingly reputable sources to get private data from unwary users.
- Employee error – where caregivers use unencrypted devices or weak passwords, or do other things that expose them to attacks.
- Internal data breaches – where attacks originate within the establishment itself.
Although cyber attackers are smart and fly under the radar, healthcare facilities can increase their security fast. Here are some cybersecurity tips for outsmarting attackers:
Install a firewall
A firewall is firmware or software that prevents unauthorized access to a network – think of it as a gatekeeper. It is the first line of defense against unauthorized access and malicious attacks, as it inspects incoming and outgoing traffic to detect and block threats. Senior care facilities can install a firewall at their network perimeter to safeguard against threats and record events to identify patterns and improve rule sets. Firewalls protect networks from worms and viruses along with rootkits and phishing tools.
Update operating systems and software
Most impactful cyber-attacks have one thing in common – they target vulnerabilities in outdated operating systems and software. The Equifax and BA hacks are good examples of successful attacks on unpatched systems. Both of these cases were easily preventable: the organizations had access to software updates but neglected to download and install them.
Cybersecurity is only as strong as its weakest link. If a senior care facility uses outdated software or systems, endpoints become susceptible to attacks even from the most unskilled hackers. Luckily, facilities can prevent attacks with regular system and software updates.
Create strong usernames and passwords
Strong usernames and passwords are essential to keep the facility’s devices safe. These devices hold information about patients and their prescription drugs, histories, billing, etc., which hackers favor.
Senior living facilities need to set solid passwords – those that are free of any identifying information. A strong password should leave out addresses, phone numbers, family names, first names, and real words as attackers easily deduce them. Instead, it should possess a combination of lowercase and uppercase letters, random symbols and numbers.
Those who have a hard time coming up with hard-to-crack login information can use online tools that generate strong passwords. Once a password is created, it should not be shared with anyone. It could easily land in the wrong hands, especially since 53% of cyber-attacks are from within. Experts also recommend using a password manager to store all passwords instead of writing them in books.
Use a VPN
A Virtual Private Network (VPN) is a network built over public wires – often the internet – to connect regional offices or remote users to a facility’s private, internal network. It is used by facilities to secure their digital information and internet activity. A VPN can help boost cybersecurity by:
- Providing secure remote access
- Providing anonymity
- Permitting safe access to cloud services
- Tunneling connections
Protect mobile devices
Senior living facilities can monitor and protect facility phones, but it can be challenging when it comes to individual phones. Older adults who have their own smartphones may want to access social media or download content, which may expose them to attacks. The same applies when they need financial assistance from staff members or even strangers. Therefore, it is good to train them on cybersecurity matters to avoid a breach. It also pays to control in-person access so that only trusted members can visit the elderly.
Maintain good computer habits
Facilities should maintain all IT systems, including the EHR systems, so that they function correctly and reliably. Maintenance includes things like configuration management, operating system (OS) maintenance, and software maintenance. These involve a range of things, such as:
- Uninstalling any app that’s not essential to running the facility
- Not accepting default configurations when installing software
- Disabling remote file sharing and printing in the OS configuration
- Checking user accounts to ensure that former employees’ access is disabled
- Ensuring computers with critical data are wiped before disposal
- Archiving old data files or cleaning them off the system
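The account check in the list above can be automated by comparing an account export against the HR roster. The following is an added example, not part of the original article; the CSV layouts, column names, sample rows and the 90-day idle threshold are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from any real facility): HR roster export.
HR_ROSTER_CSV = """employee_id,name,status
1001,A. Nurse,active
1002,B. Aide,terminated
1003,C. Director,active
"""

# Constructed account export from a hypothetical directory or EHR system.
ACCOUNTS_CSV = """username,employee_id,enabled,last_login
anurse,1001,true,2024-05-28
baide,1002,true,2024-01-15
cdirector,1003,true,2023-11-02
tempuser,,true,2024-05-30
oldaide,0999,false,2022-03-01
"""

def audit_accounts(roster_csv, accounts_csv, today, stale_days=90):
    """Return (username, reason) findings for enabled accounts needing review."""
    active_ids = {
        row["employee_id"]
        for row in csv.DictReader(io.StringIO(roster_csv))
        if row["status"].strip().lower() == "active"
    }
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to do
        emp_id = acct["employee_id"].strip()
        if not emp_id:
            findings.append((acct["username"], "no owner on record"))
        elif emp_id not in active_ids:
            findings.append((acct["username"], "owner is not a current employee"))
        else:
            idle = (today - date.fromisoformat(acct["last_login"])).days
            if idle > stale_days:
                findings.append((acct["username"], f"no login for {idle} days"))
    return findings

if __name__ == "__main__":
    for user, reason in audit_accounts(HR_ROSTER_CSV, ACCOUNTS_CSV, date(2024, 6, 1)):
        print(f"REVIEW {user}: {reason}")
```

Shared or ownerless accounts such as the sample `tempuser` are flagged as well, since nobody can be held accountable for their use.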
Create and maintain backups
Backups are more like the last line of defense – should everything else fail. If the attackers manage to penetrate through all the tight security features, the backup will come in handy. Malware attacks are known to delete or even corrupt files, but a backup ensures that information is readily available. However, facilities should check and test the backup device regularly to make sure everything is working correctly. The last thing they’d want to deal with after an attack is to realize the previous backup was months ago.
These are just a few of our suggestions for protecting your data security at your healthcare facility. It may be a good idea to speak with your IT specialist about the steps they are taking to protect your facility's private health information from cybercrime attacks.
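One way to run the regular backup check described above is to record a checksum for each backup file when it is written, then verify both integrity and age on a schedule. This is an added example, not part of the original article; the file names, the `manifest.json` layout and the 24-hour threshold are assumptions.

```python
import hashlib
import json
import os
import tempfile
import time

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(backup_dir):
    """Record a SHA-256 for each backup file at backup time."""
    manifest = {n: sha256_file(os.path.join(backup_dir, n))
                for n in sorted(os.listdir(backup_dir)) if n != "manifest.json"}
    with open(os.path.join(backup_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f)

def check_backup(backup_dir, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means the backup passed."""
    now = time.time() if now is None else now
    problems = []
    with open(os.path.join(backup_dir, "manifest.json")) as f:
        manifest = json.load(f)
    for name, expected in manifest.items():
        path = os.path.join(backup_dir, name)
        if not os.path.exists(path):
            problems.append(f"{name}: missing")
        elif sha256_file(path) != expected:
            problems.append(f"{name}: checksum mismatch")
        elif now - os.path.getmtime(path) > max_age_hours * 3600:
            problems.append(f"{name}: older than {max_age_hours}h")
    return problems

def demo():
    """Constructed scenario, hypothetical file names: fresh, corrupted, then stale."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("ehr.db.bak", b"records"), ("billing.bak", b"invoices")]:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        write_manifest(d)
        fresh = check_backup(d)
        with open(os.path.join(d, "billing.bak"), "wb") as f:
            f.write(b"corrupted")
        corrupted = check_backup(d)
        stale = check_backup(d, now=time.time() + 48 * 3600)
        return fresh, corrupted, stale
```

A checksum match only shows the file is unchanged since the backup was taken; a periodic test restore is still needed to confirm the data can actually be recovered.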
Sheri Bruemmer is a seasoned industry expert with expertise in growing and managing operations that support assisted living, adult foster care, and homes for the aged communities. Sheri is a certified Gerontologist, licensed Assisted Living Director, and licensed nurse as well.