The healthcare industry faces unique and growing threats to cybersecurity, due to the amount of personal data stored on servers and the relatively low level of cybersecurity in place at smaller healthcare facilities. The typical medical facility stores electronic health records (EHRs), employment data for thousands of individuals, and personal identity details for many healthcare employees and providers. Larger healthcare facilities have taken additional steps to implement a multilayered security process that protects healthcare data at all levels of the organization. However, the abundance of information that needs to be protected, combined with less awareness of security risk in individual practices and smaller medical facilities, makes some healthcare facilities a prime target for cybercrime. If you work for a doctor’s office or a small to mid-size medical facility, or if you are thinking about pursuing a career in healthcare, review the following three risks to understand how you can help your facility take steps to reduce security risk before it is too late.
The three risks that you should be aware of include:
- The risk of attack by ransomware.
- The risk of attack to medical devices.
- The risk of password violations and phishing attempts.
The Risk of Attack By Ransomware
Any business can be crippled by a ransomware attack, but a cyberattack that locks a medical facility out of its own records puts patients’ lives at risk. Ransomware is a malicious software program that blocks users from accessing the data stored on their own computers until a “ransom” is paid to unlock the computer and restore access to the data. One Ohio hospital found this out the hard way: Ohio Valley Medical Center had to turn emergency room patients away after a ransomware attack locked it out of its own systems. Ambulances were diverted and computer systems were taken offline to address the attack. This meant that if you were a patient, you would not have been able to get the care that you needed while the facility struggled to resolve the ransomware issue. Sadly, this is not an unusual occurrence, and criminals have figured out that disrupting care is the fastest way to a quick payday when it comes to ransomware.
The Risk of Attack to Medical Devices
Many of the devices used in a standard hospital setting are equipped with IoT-based technology. This type of technology allows healthcare providers to collect data easily and to monitor patients remotely. Because these devices connect directly to the healthcare facility’s network, they increase the risk of a cyberattack. While IV stands, insulin pumps and other devices save lives, medical professionals should be aware that they are putting themselves and their patients at greater risk when using these devices. Placing these devices on a dedicated, separate network can drastically reduce the risk of a security breach. Keeping an accurate inventory of medical devices and where they are located in your facility can also help reduce the risk of attacks on your medical devices.
The Risk of Password Violations and Phishing Attempts
Providers and staff members can inadvertently increase a facility’s risk of cyberattack, whether through poor password choices, including options like “PASSWORD” and “QWERTY”, or through a lack of awareness about phishing. Scheduling online training sessions that cover best practices for password use, and how to recognize phishing and ransomware attempts, can drastically reduce the likelihood that employees respond to these cyberattacks. The IT department can also take additional steps to help protect your facility and ensure that no one without the right to access sensitive patient or employee data can get into your computer network.
Being aware of these three risks allows you to take steps to protect your facility, contact your manager and/or help desk if something looks suspicious in terms of information access, and safeguard the data of patients as well as managers and other employees in your healthcare facility.