In the early chaos of the coronavirus pandemic, the healthcare industry struggled to keep up with an influx of patients amidst a shortage of necessary resources. During this time, healthcare staff naturally prioritized the health and safety of their patients, but this led to a marked decline of cybersecurity measures, leaving themselves open to attacks.
Cybercriminals took advantage of the opportunity, and since the start of the pandemic to late 2020, cyberattacks on healthcare firms in the U.S. have increased by up to 150 percent. Recent numbers from the FBI state that within the last year, complaints of cyberattacks rose 400 percent. While healthcare facilities are still dedicated to providing the best care to patients impacted by COVID-19, it is imperative that healthcare practices, especially those like skilled nursing facilities, take cybersecurity seriously to prevent data leaks, care disruption, financial setbacks, and more.
Highlighting the Flaws in Healthcare Cybersecurity
The influx of cyberattacks on healthcare firms has served to illustrate how much cybersecurity measures in this industry need to improve. In the wake of the ongoing pandemic, it has become abundantly clear that healthcare is one of the most essential industries, so making cybersecurity a priority is more important than ever.
After the drastic increase of cyberattacks on healthcare firms, leaders in the industry are advised to address cybersecurity concerns and identify areas of improvement. Some of the most prominent aspects of cybersecurity the industry at large should strive to rectify include:
– Outdated IT infrastructure and security systems
– Unclear incident response plans
– A lack of dark web and cybercrime research
– Insufficient vulnerability identification and management
– Restricted access controls that haven’t been optimized
– Limited business continuity plans regarding patient-specific aspects
Cyberattacks are expected to become even more sophisticated and frequent over time, and the healthcare industry is a prime target for hackers. It is important for healthcare facilities to dedicate resources to developing an active defense approach to cybersecurity and protect patient data and wellness from harm.
In order to improve cybersecurity in the healthcare sector, leaders must ensure that there are sufficient proactive and reactive measures in place to prevent and combat future attacks. Doing so will keep patients safe and ensure facilities can operate with limited threats to data and patient security.
Patient Data and Patient Safety
In order to provide quality care and support to patients, skilled nursing facilities and other healthcare firms must prioritize the protection of patient data. Patient health data is particularly sensitive, and without proper security measures in place, hackers can access, steal, manipulate, and capitalize on this information.
Beyond personal data security, the rapid advancement of healthcare technology, like wearable tech, poses opportunities for cybersecurity risks. Interconnected systems like the Internet of Things (IoT) and insecure networks pose serious threats to patients and their well-being. While the more likely possibility entails the remote access of private data through insufficient cybersecurity measures, the connection of devices and databases could also pose a threat to patients’ physical welfare. Wearable technology, if connected to the internet for data transcription with an insecure connection, could be hacked and tampered with, jeopardizing patient health and provider care.
Care Disruption and Delayed Treatment
One of the more immediate consequences of insufficient cybersecurity in healthcare, namely in the wake of a cyberattack, is care disruption, delayed treatment, and patient access. In some cases of cyberattacks, healthcare systems may be disabled or interrupted for extended periods of time, resulting in insufficient patient care or the inability to see and treat patients as needed.
Extreme situations of delayed treatment can result in the loss of a patient’s life when a facility is unable to efficiently treat patients. For example, a recent ransomware attack on a hospital in Germany led to the death of a woman who, after being redirected to a facility 20 miles away in light of the cyberattack, was unable to receive urgent care in a timely manner.
In addition to disrupting a facility’s ability to care for its patients, cyberattacks could also result in misdiagnoses and misinformation through manipulated lab results and prescription orders. Hackers who gain access to machines used to analyze lab results could easily tamper with that data, resulting in false positives, undetected illnesses, or even lethal doses of medications.
The Financial Cost of Innovation and Cybercrime Recovery
In all industries, cybercrime can be costly. The healthcare industry simply cannot afford the substantial cost of cybercrime recovery, especially in the wake of telehealth innovation spurred by the pandemic.
Facilities are experiencing some difficulty in justifying cybersecurity investments, however, because of the costs associated with PPE, testing, ventilators, and new technology. Additionally, many facilities have experienced furloughs and short-staffing, making it even harder to prioritize hiring cybersecurity and IT professionals.
Understanding the cost-benefit relationship of cybersecurity measures, however, in that strong cybersecurity can ultimately cut costs and improve patient care, can help industry leaders make the necessary changes to invest in cybersecurity.
The COVID-19 pandemic has challenged the healthcare industry, especially those in skilled nursing facilities. The cyberattacks that occurred as a result of overwhelm and the prioritization of patient care have served to highlight the importance of cybersecurity in the healthcare industry. Healthcare executives must recognize how essential cybersecurity measures are for the effectiveness of care and the safety of patients. In doing so, the healthcare sector can make productive changes and innovations to existing security measures to prevent future attacks and protect their patients from data breaches and disrupted care.
About Avi Philipson
Avi Philipson is a healthcare executive with a distinguished reputation for providing high-quality nursing and rehabilitation care to residents all along the east coast. Avi Philipson serves as the Head of Operations at Axis Health, a leading consulting company trusted by skilled nursing facilities across Maryland and New Hampshire. In his role, Avi Philipson guides nursing and rehabilitation centers to mitigate risk, implement technological innovations, and provide compassionate care to both short-term and long-term residents.
