In an attempt to better patient care, lighten nurse workloads, and improve hospital business, many facilities are upgrading their technology. This spend for technology for most hospitals, according to a recent study by the College of Healthcare Information Management Executives, is allocated to five main areas:
- Business analytics
- EHR software
- Mobile applications
Electronic health records help alleviate nurse workload while mobile devices make medical care information more accessible to patients at discharge and improve hospital communication. Business analytics help everything run smoothly. Although all are important for a hospital to run efficiently, perhaps the most pressing use for this money these days is stronger technological security.
The Threats Are Real
According to a study by the Ponemon Institute, healthcare organizations are victim to an average of one cyber-attack per month. Of these attacks, almost half result in a loss or exposure of confidential patient information. Cases of medical identity theft are rising—resulting in decreased patient trust, lost business, and expensive ransoms for the return of stolen medical records. Still, these threats are not new.
Although technology may be changing dramatically, the tactics for cyber-attack have stayed the same. Phishing has remained a common tactic for computer hacking and information stealing. With many hospitals shifting to EHR software programs, the impact of a phishing attack can be enormous.
When a system has been overtaken and hacked, the patient’s personal and medical information are not the only things that are compromised. In one hospital earlier this year, both health records and e-mail were offline and inaccessible for over a week. Patients had to be turned away when the hospital did not have the resources or records needed to function.
Fighting Phishing: Strategies for Success
A three-fold safety strategy for tackling phishing is suggested by IT leaders:
- Data encryption
- Employee education
- Extra security software
Although many medical practices are transitioning to EHR systems, few are taking the time to really evaluate the safety requirements and ensure that the now-electronic records are safe. Even those software programs labeled “HIPAA Compliant” often lack the cyber safeguards needed to protect the system from phishing and other malware attacks.
Utilizing data encryption for EHR programs is a start, but employees also need to be trained to recognize, report, and respond appropriately to cyber-attacks. One ESET security researcher explained that many healthcare organizations are finding success in training employees to avoid malware e-mails or websites by running fake phishing campaigns. These campaigns send out internally “infected” e-mails, which employees are then to recognize and report.
By educating employees early on, hospitals minimize the risk of outing private patient information, system lockouts, and pricey ransom payments. This, in combination with increased encryption and cybersecurity products, can help fortify healthcare organizations in the event of cyber-attacks.
Security—A Smart Business Decision
While there are many needs for hospital technology, before worrying about the high-tech analytics systems or forward phone interfaces, it is important to ensure that those systems are safe. Taking the time and money to invest in strong cyber security is important. CISO Barry Caplin of Fairview Health Services states that technological safeguards are “strategic value-added enablers,” which can help simplify healthcare provider workloads, create sustainable and safe business practices, and ultimately increase the security and care of the patient.