News of breaches in healthcare computer systems is a regular occurrence. Over 100,000 medical records were recently leaked as a result of a data breach at a Montana hospital. And research this year showed an upsurge in malware attacks on healthcare providers. Phishing messages, a means of malware delivery via email, have been found to come in the form of alerts from the US Centers for Disease Control and Prevention (CDC).
As cyberattacks become more sophisticated and widespread, the need for adequately securing computer networks at hospitals and all medical facilities has never been greater, says Alex Zlatin, CEO of Maxim Software Systems (alexzlatin.com).
“The costs of cyberattacks for healthcare providers can be enormous,” Zlatin says, “but how hackers can literally stop facilities from functioning and keep patients from getting care and medication should get everyone’s attention. “It’s all about prevention, and for many providers, being secure as possible will involve a retooling and re-thinking of how they approach cybersecurity from the human and technological standpoints.”
Zlatin provides five tips for healthcare providers to better protect against cybersecurity threats:
-Educate employees about phishing attacks. Many breaches start with human error. Employees make the mistake of responding to an email, link or website designed by hackers to access private information. “Email is a popular phishing technique,” Zlatin says. “The best ways to prevent them from doing damage are to educate your employees on what suspicious emails look like and to use strong email spam filters. Also, your software should automatically scan any links or attachments. This prevents new or unrecognizable URLs from sneaking past company safeguards.”
-Beware of ransomware. Ransomware has been a big menace to the healthcare industry, holding data for ransom, paralyzing facilities and putting patients at risk. Zlatin says the first step in dealing with ransomware is backing up your system, ideally with a cloud backup to protect data. “Failure to do backup can cause irreparable damage,” he says. “And while hackers continually find ways to infiltrate, your security software should contain the most updated anti-malware and anti-ransomware protection. When a ransomware attack occurs, the first thing employees should do is contact their IT team — not try to resolve it themselves.”
-Have a top-down security program. There can be a disconnect and gaps in cyber security procedures when a medical facility’s security staff and IT team don’t overlap. “Including cybersecurity duties at a managerial level, perhaps even as an executive position, can ensure that correct initiatives are created, launched, and enforced, and that funding for security initiatives is available,” Zlatin says. “This also helps enforce regular risk assessment, which should be part of any healthcare provider’s cybersecurity threat program.”
-Make sure vendors have protection. The Healthcare Industry Cybersecurity Task Force, which was established by the U.S. Department of Health and Human Services and the Department of Homeland Security, warned providers about areas of security vulnerability in the supply chain. “Vendors should take the proper steps to detect threats,” Zlatin says. “They include all healthcare business partners, such as insurance companies and infrastructure providers, all of whom should have good security records and be able to protect medical information. It’s especially important for organizations that outsource IT personnel from third-party vendors.”
-Update passwords often. “Using the same passwords for most platforms is a big mistake,” Zlatin says. “It increases vulnerabilities. If a criminal discovers one password used for several accounts, it leads to a disastrous theft of data. So, have employees generate new passwords periodically and not get stuck on convenience.”
“Too often, many healthcare facilities aren’t vigilant enough about defending their medical records security,” Zlatin says. “Healthcare providers face a constant threat that requires constant vigilance because they and their patients have too much to lose.”
Alex Zlatin, author of the book Responsible Dental Ownership (alexzlatin.com), had more than 10 years of management experience before he accepted the position of CEO of dental practice management company Maxim Software Systems. He earned his MBA at Edinburgh Business School and a B.Sc. in Technology Management at HIT in Israel.
His company helps struggling dental professionals take control of their practices and reach the next level of success with responsible leadership strategies.