You’ve heard the recent – and sometimes overly-used – buzzword “the new normal” when referring to how organizations are conducting work during COVID-19. Yet still, as businesses re-open, many predict there won’t be a full-shift back from working remotely, and that what is going on today will continue to be the “new normal” for a lot of us.
As an organization in the healthcare industry, you already know you’re at a higher target for threats because of the information you store and transmit. Most hospitals do their due diligence to set up security standards to protect patient information from outside threats, but then often underestimate the exponential risk of threats that can happen within the organization.
We just wrapped up the month of October supporting National Cybersecurity Awareness Month and the emphasis focused on the mantras of Own IT, Secure IT, Protect IT as it relates to your personal and patient data. As a leader in Patient Privacy, we were proud to participate in National Cybersecurity Awareness month, and share many educational resources throughout the month. Each week during the month we focused on a different topic to give you tips for what hospital leaders (and in some cases, you personally) can do to improve cybersecurity protection.
Let me begin by saying, I live on the Atlantic coast, just north of Jacksonville, FL. Because it’s hurricane season in this area, I always keep a keen eye on hurricane updates. Recently, I tracked and monitored Hurricane Dorian and the impact it might have on my family.
The Two Tales of Remote Access Security: Protection from Hackers, and Meeting Regulatory Requirements.
It’s all over the news - a new healthcare breach here, a new healthcare IT study there, that talks about how healthcare IT security needs to be a focus in 2019. Yet, we are already seeing more breaches in 2019 than ever before.
All hospitals know that they need to have some form of security plan in place to protect patients and their information. The problem is that the changing requirements and increase in breaches means that this plan has to always be evolving. Hospitals likely have goals for what they would like to change in the future to make sure they are adapting to the ever-changing threat landscape.
I recently posted about Ten Best Practices to Mitigate Cybersecurity Threats that came from recommendations by the Health and Human Services publication, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.” That document addresses five cyber threats, with ten best practices for small to large healthcare organizations.
On October 27, 2015, Congress passed the Cybersecurity Information Sharing Act (CISA). Section 405 of CISA is specific to healthcare and charges Health and Human Services (HHS) with the responsibility of leading healthcare cybersecurity efforts, with the goal of keeping patient personal data secure.
ECRI Institute recently announced their annual “Top 10 Health Technology Hazards for 2019.” If you keep abreast of Health Information Technology (HIT) news, you already know the number one risk: hackers can exploit remote access to systems, disrupting healthcare operations.
"The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," said ECRI Health Devices Program Executive Director David Jamison. "In critical situations, this could cause harm or death."
The topic of security is on the minds of most healthcare IT professionals today. Securing remote access to your hospital's network is the deadbolt that helps protect your data. Most people don't leave their backdoor wide open, or expect that little doorknob lock to be secure, so why do most hospitals do the equivalent with their networks?