According to a report by HealthIT Security and the FBI, this year cybercriminals have managed to hack community health centers, oncology clinics, and even simple practice management entities. Hacker groups like Conti have claimed 16 ransomware attacks against healthcare facilities, while their “unofficial” toll equals roughly 1000. Attacks on vital healthcare facilities endanger the lives of thousands of patients by limiting real-time access to their protected health information (PHI), and even by causing equipment to malfunction. Below are the four key healthcare security trends to know in 2022.
I. Healthcare is the most vulnerable and costly industry for cybercriminals
According to a report by IBM, in 2020 alone healthcare cybercrimes were worth $7.13 million in revenue losses. Over the 10 years since 2010, this amount has been increasing exponentially.
II. Healthcare facilities are among the most frequently targeted objects for cybercrimes
The same report also outlines the three industries that suffer the most from ransomware and data breaches: healthcare, energy, and retail.
III. The number of healthcare data breaches is steadily increasing year by year
In 2020, over 600 attacks on healthcare facilities were reported, compared with just 199 reported cases in 2011. The conclusion is clear: we are no longer invincible against them!
IV. The number of cases is rising, and so are the penalties.
Last year, hundreds of healthcare providers, insurance plans, and revenue cycle management providers were fined for not being HIPAA-compliant. With the lives of people at stake, this is not surprising at all.
With all this in mind, no healthcare provider is immune from data breaches! For this reason, our billing and IT experts have made a list of things that you can do now to protect yourself from costly cyberattacks:
I. Educate yourself and your staff on cybersecurity and digital awareness.
No matter how sophisticated your security measures are, ordinary people will always be “on the front line” of cyberattacks. No antivirus will stop your staff from opening phishing emails and clicking on suspicious links. A seemingly minor miscalculation may lead to a million-dollar revenue loss. According to our internal research, most data breaches are caused by employee ignorance and carelessness. Therefore, here is what you and your employees need to know:
• Do not click on links that look suspiciously long and are sent without any explanation, even if you receive them from your patients, friends, or relatives. The same goes for links that “mimic” a legitimate website. For example, www.myaccount.medicare.com should never be confused with the real Medicare website, www.medicare.gov.
• Do not download and open large attachments in an email received from an unknown or suspicious sender. In most cases, your anti-spam filters will deal with such emails. However, when they do not, you should not open a 70 MB PDF sent from an address that looks something like this: firstname.lastname@example.org.
• Do not browse or upload sensitive information while using public Wi-Fi. As basic as it is, this warning is still ignored by many people, resulting in massive data leaks.
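The lookalike-link rule from the first bullet can also be enforced by a mail gateway or intranet tool. The following is an added example, not part of the original article: it judges a link by the end of its hostname, which is why www.myaccount.medicare.com fails while www.medicare.gov passes. The allow-list, the function names, and every sample link other than the two hosts quoted above are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains your practice really deals with (hypothetical allow-list).
TRUSTED_DOMAINS = {"medicare.gov"}

def link_host(url):
    """Return the host a browser would contact for this link, lowercased."""
    if "://" not in url:
        url = "//" + url  # bare "www.site.com/page" has no scheme to parse
    try:
        host = urlsplit(url).hostname or ""  # drops "user@" and ":port"
    except ValueError:
        return ""  # malformed link: treat as having no usable host
    return host.rstrip(".")

def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    """True only if the host IS a trusted domain or a subdomain of one."""
    host = link_host(url)
    if not host or not host.isascii():
        return False  # empty, or contains look-alike non-Latin letters
    if any(label.startswith("xn--") for label in host.split(".")):
        return False  # encoded international name: send for manual review
    # Compare the END of the host; a trusted name at the start proves nothing.
    return any(host == d or host.endswith("." + d) for d in trusted)

# Constructed sample links; the first two hosts come from the article.
SAMPLES = [
    "www.medicare.gov",
    "www.myaccount.medicare.com",
    "HTTPS://WWW.MEDICARE.GOV:443/account",
    "https://medicare.gov.billing-update.example/login",
    "https://www.medicare.gov@billing-update.example/login",
    "https://www.medic\u0430re.gov/",  # Cyrillic "a" in place of Latin "a"
]

def classify(urls):
    """Map each link to True (trusted) or False (suspicious)."""
    return {u: is_trusted_link(u) for u in urls}

if __name__ == "__main__":
    for url, ok in classify(SAMPLES).items():
        print("TRUSTED   " if ok else "SUSPICIOUS", url)
```

Only the first and third samples are accepted; the rest contain the trusted name somewhere in the link but resolve to a different domain.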
II. Know what must be protected – differentiate PHI from any other type of information.
It is critical to be aware of what must and what need not be protected in compliance with HIPAA. Any information related to a patient’s clinical condition that allows third parties to identify this patient (by obtaining his/her first/last name, date of birth) must be protected by law. No information on specific patients and their clinical conditions must be stored in insecure storage, such as Excel sheets and Google Docs. On the contrary, any other information that may identify a patient but does not reveal anything about his/her clinical condition (for example, an outstanding out-of-pocket balance) may be stored elsewhere.
III. Use a secure cloud-based EHR system
While Excel sheets may be leaked or accidentally deleted, the same does not go for most Electronic Health Records systems. Cybersecurity is among the top priorities of healthcare software development. Therefore, we encourage you not to use At WCH Service Bureau, we care about the security of your data. For this reason, our experts have developed iSmart EHR, a sophisticated chart records software that can save you hours of work and protect your data from breaches. iSmart EHR is fully HIPAA-compliant, and it has many cool additional features, such as hundreds of chart templates and reports.
Now that you are aware of all the potential threats and ways of dealing with them, it is time to act! A data breach means revenue loss, not to mention damage to your reputation among patients.