
25th November 2022

Protecting the Healthcare System from Cyberattacks

Technology has reshaped the healthcare industry over recent years and improved standards of patient care, but there are downsides, with the sector suffering more than its fair share of cyberattacks and data breaches, writes Titilope Taiwo.

A cybersecurity survey conducted by the Healthcare Information and Management Systems Society in 2019 found that 82 percent of hospital respondents reported a critical security incident over the previous 12 months.

Why are healthcare organizations a major target?

Healthcare is twice as vulnerable to cyberattacks as any other industry owing to the amount of patient information at its disposal. More than half of fraud incidents within the healthcare industry involve the theft of customer data, according to Carnegie Mellon University.

In cases of direct cyberattacks, where the attacker can lock or encrypt essential data, the organization has no option but to pay a ransom or risk losing data.

With access to sensitive information, the attacker can also manipulate network-linked devices to administer incorrect treatments, or undergo costly medical services, which may be pinned on the patient or organization.

What is healthcare spam, and how do you recognize it?

Spam is any unwanted form of digital communication sent en masse to targets. Usually, spammers distribute their messages through social media, phone calls or emails. Some intend to spread malware or trick you into disclosing sensitive information. While it may not be easy to overcome spam, you can protect yourself by learning how spammers operate:

Scammers often disguise themselves as company representatives. Always check if the sender’s email address matches the supposed company domain they claim to represent. Also, check for reviews on the company, or information to prove it is legit. Little to no information about them should send a signal that the message is a potential threat.

Messages or calls about technical problems or data breaches affecting your healthcare are alarming. But before you get worked up, check if the message is detailed and specifically addressed to you. Scammers most times need your full information. They work with partial information to trick or scare you into divulging more.

Links & attachments are scammers’ best tools in spreading malware or stealing your healthcare information. Never download or click on a link in a media message without verifying. Sometimes the message may be followed by a call from the spammer urging you to take action on the message. Even if the message is from a company you use, log into your account or contact the company via a message or call to confirm it’s genuine.

Humans are prone to error. But a company that genuinely cares about its reputation won’t have a lot of spelling, punctuation or grammar errors. Also, watch out for unbelievable offers. Scammers prey on greed and emotions to get their target.
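The sender check described above (does the address match the domain the message claims to come from?) can be automated. The following is an added example, not part of the original article; `examplehealth.test` and the sample headers are constructed, and the finding names are hypothetical.

```python
from email.utils import parseaddr

def check_sender(from_header, expected_domain):
    """Return a list of findings; an empty list means the sender matches."""
    findings = []
    display, address = parseaddr(from_header)
    expected = expected_domain.lower().rstrip(".")
    if address.count("@") != 1:
        return ["unparseable-address"]
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    # Accept the exact domain or a true subdomain. A domain that merely
    # starts with the expected name (examplehealth.test.evil.example) fails.
    if domain != expected and not domain.endswith("." + expected):
        findings.append("domain-mismatch")
        # The display name is free text and often carries the trusted name.
        if expected in display.lower():
            findings.append("display-name-claims-domain")
    # Look-alike letters from other alphabets, raw or punycode-encoded.
    labels = domain.split(".")
    if not domain.isascii() or any(l.startswith("xn--") for l in labels):
        findings.append("non-ascii-domain")
    return findings

# Constructed sample From headers (not taken from real messages).
SAMPLES = [
    "Example Health <billing@examplehealth.test>",
    "Example Health <billing@mail.examplehealth.test>",
    "Example Health <support@examplehealth.test.account-verify.example>",
    '"billing@examplehealth.test" <notice@mail-relay.example>',
    "Example Health <billing@\u0435xamplehealth.test>",  # Cyrillic 'e'
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header, "examplehealth.test"), header)
```

A clean result only says the visible address is consistent with the claimed company; the From header itself can be forged, which is what SPF, DKIM and DMARC results are for.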

How to overcome healthcare spam threats

Carry out regular employee training. The staff has direct access to patients’ records. And some uncommon cases have reported staff stealing the confidential financial data of patients and using them for fraudulent activities. They can also be a target for criminals who can manipulate them to spread malware or steal patients’ records. The burden lies on the organization to conduct regular training for staff on the effect of cyberattacks and security breaches on the patient’s life and the organization’s reputation. Staff should be informed of their role in security and trained to identify various scammers’ strategies.

Clear systems also need to be established. Anything goes where there are no protocols. The System Administrator should arrange procedures for dealing with sensitive information and ensure they are followed. For instance, unauthorized staff should be denied access to certain computers. General access computers linked to sensitive information should not be in the open as they can be a gateway for those carrying out cyberattacks to access the organization’s sensitive information. You can effectively monitor the network security oversight by communicating expectations.  

Good cybersecurity can serve as an extra layer of protection for the organization. If an employee downloads malware or clicks a spam link, the cyber security software installed can quickly detect the malware and shut it down before it causes any damage to your network.

Healthcare providers should also enforce regular audits. Users should create strong passwords, and access credentials should be checked regularly to ensure unauthorized or previous staff don’t have access to the patient’s record. Two-factor authentication should be in place. Even if passwords are compromised via a cyberattack, attackers can’t get past the authentication process that requires them to confirm their identity.

Deleted drives and information are still vulnerable. Cybercriminals can access and reformat them so they need to be properly disposed of. Healthcare providers should have strict policies about using drives with delicate information. You can also set up mobile device management software for employees to ensure they don’t compromise your data or break important policies.
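The credential audit described above, sketched as an added example that is not part of the original article: it cross-checks an account export against the HR roster to find former staff who still have access, accounts with no owner, roles that should not open patient records, and missing two-factor authentication. The CSV columns, role policy and data are constructed assumptions, not any real product's schema.

```python
import csv
import io

# Constructed sample exports; column names are assumptions.
HR_ROSTER_CSV = """staff_id,role,status
s001,nurse,active
s002,physician,active
s003,billing,active
s004,nurse,terminated
"""
ACCOUNTS_CSV = """username,staff_id,patient_records,two_factor
anurse,s001,yes,yes
drsmith,s002,yes,no
bclerk,s003,yes,yes
oldnurse,s004,yes,yes
kiosk1,,yes,no
"""
# Assumed policy: only these roles may open patient records.
RECORD_ROLES = {"nurse", "physician"}

def audit_access(roster_csv, accounts_csv, record_roles=RECORD_ROLES):
    """Map each account that has a problem to the list of problems found."""
    roster = {r["staff_id"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = {}
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        issues = []
        staff = roster.get(acct["staff_id"])
        if staff is None:
            # Shared or orphaned account: nobody is accountable for it.
            issues.append("no-matching-staff-record")
        elif staff["status"] != "active":
            issues.append("former-staff-still-enabled")
        elif acct["patient_records"] == "yes" and staff["role"] not in record_roles:
            issues.append("role-not-authorized-for-records")
        if acct["two_factor"] != "yes":
            issues.append("two-factor-missing")
        if issues:
            findings[acct["username"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_access(HR_ROSTER_CSV, ACCOUNTS_CSV).items():
        print(f"{user}: {', '.join(issues)}")
```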

How to handle cases of healthcare cyberattacks in your organization?

You may only partially be able to protect your organization. If your patient data has been compromised, you are responsible for investigating the cause and finding the loophole in your network map to prevent another attack. Below are measures to take in the event of an attack:

Report the Breach. If you think your patient data may have been violated, you must report the issue urgently to the U.S. Department of Health and Human Services. You must also explain suspicious activities around your network to aid the investigation.

Educate patients. Help your patients avoid fraudulent activities. Educate them on identifying phishing, fake medical bills, and too-good-to-be-true claims from companies. You can pass on detailed information on the Fair Credit Reporting Act (FCRA) that outlines their rights and how to handle malicious claims.

Review Your Network. If a cyberattack affects your healthcare network, you need to investigate your network map. Check for any weaknesses, see which information is vulnerable and take steps to secure your network. You can use technology that tracks when an unauthorized device joins your system or hire a professional to help secure your system. Reviewing your network will not only protect your healthcare information but also help to identify potential threats in the future.

Protect your healthcare network

The cost and effect of a network breach on healthcare providers are too much of a risk to ignore. Using the pointers above, healthcare providers can minimize the risk of a cyberattack and spot potential problems in the future.

  • Titilope Taiwo is a conversion copywriter for tech and SaaS companies. Previously, Titi worked as a copywriter for a tech software startup where she enjoyed selling ideas through writing. She is passionate about social work and digital up-skilling.