The 2020 COVID-19 pandemic changed the way most people look at healthcare. It proved the broad utility of telehealth as a way to continue care without needing to take in-person trips to a healthcare facility.
It also showcased how vitally important healthcare cybersecurity has become during the internet age. The importance of HIPAA and the General Data Protection Regulation (GDPR) in the European Union (EU) can’t be understated, but cyberattacks on protected healthcare information are rising. How are strong cybersecurity measures working to protect sensitive patient data?
A Vulnerable Industry
The healthcare industry is perpetually on the cutting edge of technology, but that doesn’t mean everything is shiny and new. Many essential networks are running out-of-date operating systems.
Britain’s National Health Service (NHS) experienced this in 2017. Their systems were attacked by the Wannacry ransomware program, which took multiple systems offline for several days.
The Wannacry ransomware was able to find its way into the NHS systems because most of the infected computers were running on Windows 7. At the time, Windows still supported the operating system. Still, the NHS’s network was unpatched, so none of the computers had received the vital security updates necessary to block this type of infection.
It isn’t just patient data that’s at risk. In one case, a patient died when she had to be rerouted to a facility that wasn’t impacted by a ransomware hack in 2020.
A Lucrative Target
Why is sensitive patient data a lucrative target for hackers and cyber thieves? It’s often compared to credit card or identity data in terms of value.
For one thing, medical data is worth up to 10 times more than non-health records. On average, health records will sell for more than $400, while non-health records are only worth an average of $148.
People also tend to pay closer attention to their credit records than their medical records. It’s easy to spot when someone makes fraudulent transactions on one’s credit cards, especially with modern identity monitoring and apps that keep people appraised of their credit scores and bank balances.
There currently is no similar resource for people to keep track of their health records. There is often a lack of direct communication between healthcare providers, making it difficult for users to keep track of their health records and easy for thieves to take advantage of this data.
How Is Cybersecurity Protecting Patients?
At its core, cybersecurity works to protect patients by preventing sensitive patient data from ending up in the wrong hands. Modern healthcare relies on a synergistic network of providers and partners, along with technology that speeds up information and data handoffs. The speed and efficiency come with potential risks that must be addressed, however.
Electronic health records (EHRs) are one piece of the puzzle, but strong cybersecurity becomes more essential as a patient’s information becomes digitized. Other aspects of healthcare cybersecurity include:
- Implementing cybersecurity technology and building a pool of talented individuals to support that technology.
- Taking the time to develop a cybersecurity strategy to prevent breaches and ensure sensitive patient information remains protected.
- Staying abreast of new technologies and new cybersecurity risks as they emerge.
- Implement internal cybersecurity protocols to prevent employees from opening links or attachments in unsolicited emails, which can be a frequent source of infection.
- Addressing vulnerabilities in the existing system, such as the missing security patches that allowed the NHS Wannacry attack to happen.
In addition to keeping patient data safe, creating a secure network for electronic health records could potentially create an avenue to support more comprehensive and effective communication between healthcare providers. This, in turn, could help providers coordinate care when transfers between specialties prove necessary.
Keeping Patient Information Safe
As the healthcare industry adopts more advanced technologies, cybersecurity will continue to be necessary. Keeping this private information protected is about more than just keeping data out of the hands of thieves and hackers. If the wrong person makes their way into a protected health system, it could cost someone their life. Healthcare cybersecurity may feel like an abstract concept, but it has real impacts.