The following is an article from the American Hospital Association (By John Riggi, Senior Advisor for Cybersecurity and Risk, American Hospital Association) that talks about cybersecurity and protecting patient safety.
Health care organizations continually face evolving cyberthreats that can put patient safety at risk. That’s why I advise hospital C-suite and other senior leaders not to view cybersecurity as a purely technical issue falling solely under the domain of their IT departments. Rather, it’s critical to view cybersecurity as a patient safety, enterprise risk and strategic priority and instill it into the hospital’s existing enterprise, risk-management, governance and business-continuity framework.
Aligning cybersecurity and patient safety initiatives not only will help your organization protect patient safety and privacy, but will also ensure continuity of effective delivery of high-quality care by mitigating disruptions that can have a negative impact on clinical outcomes.
Why Health Care Gets Hit More
Health care organizations are particularly vulnerable and targeted by cyberattacks because they possess so much information of high monetary and intelligence value to cyber thieves and nation-state actors. The targeted data includes patients’ protected health information (PHI), financial information like credit card and bank account numbers, personally identifying information (PII) such as Social Security numbers, and intellectual property related to medical research and innovation.
In fact, stolen health records may sell for up to 10 times or more than stolen credit card numbers on the dark web. Unfortunately, the bad news does not stop there for health care organizations — the cost to remediate a breach in health care is almost three times that of other industries — averaging $408 per stolen health care record versus $148 per stolen non-health record.1
How Cyberattacks Threaten Patient Privacy, Clinical Outcomes and Your Hospital’s Financial Resources
Cyberattacks on electronic health record and other systems also pose a risk to patient privacy because hackers access PHI and other sensitive information. By failing to keep patient records private, your organization could face substantial penalties under HIPAA’s Privacy and Security Rules, as well as potential harm to its reputation within your community.
Most importantly, patient safety and care delivery may also be jeopardized. Losing access to medical records and lifesaving medical devices, such as when a ransomware virus holds them hostage, will hinder your ability to effectively care for your patients. Hackers’ access to private patient data not only opens the door for them to steal the information, but also to either intentionally or unintentionally alter the data, which could lead to serious effects on patient health and outcomes.
Another example: Patient outcomes were threatened when Britain’s National Health Service was hit as part of the May 2017 “WannaCry” ransomware attack on computer systems in 150 countries, resulting in ambulances being diverted and surgeries being canceled. Since that time there have been other instances of ambulance diversion orders issued due to ransomware, including here in the U.S. With proper planning and investment, however, it’s possible to mitigate this risk. As I told Congress last July, “The impact of WannaCry on American hospitals and health systems was far less serious, which speaks to the tremendous efforts the field has made to improve cybersecurity and build incident-response capabilities.”
Take Steps to Protect Your Organization
The cyber bad guys spend every waking moment thinking about how to compromise your cybersecurity procedures and controls. The best defense begins with elevating the issue of cyber risk as an enterprise and strategic risk-management issue. If possible, you should also dedicate at least one person full time to lead the information security program, and prioritize that role so that he or she has sufficient authority, status and independence to be effective. Furthermore, you and your team should receive regular updates on your organization’s strategic cyber risk profile and whether adequate measures are dynamically being taken to mitigate the constantly evolving cyber risk.
Finally, the most important defense is to instill a patient safety-focused culture of cybersecurity. This enables health care organizations to leverage their existing culture of patient care to impart a complementary culture of cybersecurity. A culture of cybersecurity, where the staff members view themselves as proactive defenders of patients and their data, will have a tremendous impact in mitigating cyber risk to the organization and to patients.
How ContinuITy™ by The HCI Solution Can Help
ContinuITy™ can be used for planned or unplanned system downtimes and even during full network outages. Carefully honed workflows that strive for excellent patient care and efficiency cannot tolerate any level of system downtime. Finally, there is a MEDITECH downtime system that is familiar to all MEDITECH users, easy to use, secure, and incredibly resilient.
Meet Jim Archambault – Integration Engineer
The products and services at The HCI Solution are developed by highly skilled engineers. One of those is the brilliant Jim Archambault.
Jim is an Integration Engineer who develops and maintains the user interface for one of The HCI Solution’s most popular products – ContinuITy™ Downtime Portal. On top of that, he works on archive extraction components and develops utilities to handle hospital data specifically customized to their needs. Additionally, Jim handles support issues for all The HCI Solution products.
What Jim Archambault Likes Best About The HCI Solution
There is a reason that Jim has been with The HCI Solution since September of 2018. He says the best thing about working for The HCI Solution is the ability to challenge himself and learn new things, with his team supporting him while doing so. Jim really enjoys the opportunity to work on development style projects.
When Jim Archambault Is Not At Work
Being an engineer at work translates well into one of Jim’s favorite hobbies. He really enjoys building Lego sets. All the screen time at The HCI Solution does not dampen his love for video games at home. Additionally, Jim likes hiking, camping, and gardening. Another passion of Jim’s is painting miniatures for tabletop gaming.
When it’s time to relax and watch other people do things, Jim cheers on the Boston Bruins, Green Bay Packers, the McLaren Formula 1 team, and the Ducati factory team of MotoGP.
Building Another Engineer?
Jim’s favorite project is raising his son. His fiancée gave birth in December 2021. Jim states that they have been having a lot of fun raising their baby.
If you need to get in touch with Jim or learn about any of our other team members, please contact us.
Meet Samantha Cameron. Many of you have already had the pleasure of speaking with Samantha for a variety of business-related issues. However, this is your opportunity to really get to know the person behind the voice on the phone.
What Samantha Cameron Does for The HCI Solution
Samantha is our Business Manager and she started with The HCI Solution back in 2018. This month marks her four-year anniversary. As the Business Manager, Samantha balances a lot of responsibilities. A typical week, if there is such a thing, will find her heavily involved with bookkeeping, payroll, IT and software administration, insurance plan management, business mailings, and everything regarding human resources for The HCI Solution. Samantha engages with our customers and internal staff for a multitude of reasons – and she is an expert at all.
Samantha’s Favorite Moment at The HCI Solution
Although she is a bit more “behind the scenes,” Samantha Cameron interacts with The HCI Solution clients by answering billing questions, working with AP departments, and sometimes helping with customer access issues and special requests. Samantha’s favorite client interaction is when she gets special requests for reports from customers. One time, she had a customer request a monthly report concerning help desk tickets to make managing them easier. So, Samantha customized and created a report including the requested information and sends it to the appreciative client on a monthly basis. Samantha says, “Any time a customer wants to look at hours used, or project costs and I get to put together a report of that for them to give them a clear picture, I enjoy it.”
Why Samantha Loves Working at The HCI Solution
Samantha really loves working at The HCI Solution. She says it’s “like a big family. Everyone is kind to one another and supportive.” She makes a point of acknowledging that she feels appreciated and valued by all of her co-workers and can always count on them to let her know when a job has been well done.
Samantha cites how there is opportunity for advancement, and how she has grown exponentially in her position with The HCI Solution. “I’ve learned things in this position that I never saw myself learning and even at times impressed myself with solutions I have come up with.” She also loves that the job is flexible to her needs. Samantha expands on that by saying, “Working remotely as we do offers flexibility unlike any other job I’ve ever had, and when you have a family, and young kids it removes a lot of stress from everyday life.”
Samantha Cameron Away from the Office
The family that Samantha mentions consists of Chris, her husband of eight years, and their two beautiful children, Lydia (6) and Cannon (4). The Cameron clan also includes two dogs, Lovey and Malificent.
Outside of work, Samantha Cameron has plenty of hobbies and interests. She is quite the karaoke singer and also helps with live productions at her church. Samantha is the Event Coordinator for her kids’ Elementary Booster Club. She loves cooking – especially baking – and craft projects. Living in a small, rural town in southern Missouri allows Samantha to enjoy hunting, fishing, camping, and boating on the lake.
If you want to know more about other members of The HCI Solution team, click here.
The following is an article from Health IT Security (by xtelligent HEALTHCARE MEDIA) that talks about how to protect your healthcare IT system from an array of threats to your operation.
Whether it’s a ransomware attack or a tornado, hospitals and health systems must be able to maintain business continuity through a crisis. Both natural and human-made threats have the power to disrupt workflows, and with patient care on the line, healthcare organizations cannot afford to lose access to critical data and systems.
While incident recovery plans are required by HIPAA and are crucial to restoring operations, they only address specific symptoms of a larger underlying need: enterprise resilience.
Healthcare organizations can better prepare themselves to withstand disasters by assessing the current threat landscape and focusing on business continuity and resilience rather than just recovery. Leveraging cloud technology can also reduce the burden on healthcare organizations to manage these threats independently, providing trustworthy solutions to protect critical data.
The Current Threat Landscape
Threats to business continuity can come in many forms. From California wildfires to flooding in the Carolinas, unforeseen natural hazards can leave organizations with full ICUs and limited access to critical on-premises data.
At the same time, bad actors have launched cyberattacks against health IT infrastructure — taking systems offline and disrupting day-to-day operations. Beyond external cyber threats, poor employee cyber hygiene may invite phishing scams and endanger even the most robust security architectures.
Healthcare records are worth up to $250 per record on the black market, compared to just $5.40 for payment card information, the next highest value record, SecureLink found. In fact, of all critical infrastructure sectors, the healthcare sector faced the most ransomware attacks in 2021, the FBI’s Internet Crime Complaint Center (IC3) observed in a recent report.
And, HHS recently issued a brief to warn organizations of increased EHR security risks in light of recent cyberattacks. The brief recommended that organizations implement technical safeguards and heighten their cyber resilience to combat these threats.
Healthcare Has a Resilience Problem
But Hector Rodriguez, executive security advisor, WWPS health and life sciences at AWS, suggested that focusing on one problem at a time means missing an opportunity to look at your framework, architecture, and solutions to address the concept of resiliency holistically.
“By treating each of those symptoms one at a time, you are not treating the real issue, which is a lack of resiliency. It’s important that organizations measure how resilient they are at an enterprise level, not just at an individual application, department, or building level,” Rodriguez said.
“This means reevaluating people, tools, and documentation policies and procedures and making sure they’re connected.”
Tips For Achieving Enterprise Resilience
Research conducted by the Boston Consulting Group (BCG) Henderson Institute suggested that organizations build a resilient business model based on principles of biology. Resilient biological systems exhibit six characteristics: redundancy, heterogeneity, modularity, adaptation, prudence, and embeddedness. These characteristics can be applied to businesses to help them maintain resilience by adapting to unexpected events and optimizing efficiency.
Enterprise resilience requires organizations to take a holistic approach to security and safety. They must examine resilience in the supply chain, among employees, within applications, and even within data storage.
“You must leverage newer technologies for immutable data backups and encryption,” Rodriguez advised. “The goal here is availability. If I lose access to my medical record, pharma system, or supply chain system, I will have trouble running a hospital.”
Cloud technology is one of the many tools that can help organizations achieve enterprise resilience and mitigate risk. Cloud adoption may not only allow for quicker recovery but may also reduce the risk of ransomware and data breaches. Rather than a hospital dealing with on-premises patching, cloud vendors patch and update behind the scenes, reducing the risk that out-of-date systems open the door to cyberattacks.
In addition to cloud technology, comprehensive disaster recovery and incident response plans, including practicing for an event, can help healthcare organizations maintain patient safety and prevent further damage in the face of more predictable human-made and natural threats.
Additionally, enterprise resilience strategies go beyond standard IT disaster recovery by also addressing people and processes. People resiliency requires regular training and tabletop exercises. Every individual within an organization has a role in disaster recovery, and those roles should be clearly defined and should be practiced regularly. In fact, this is the place to start – modern security awareness training is key to building a resilient organization.
Data and application resiliency is also particularly vital to healthcare due to the sector’s reliance on EHR systems. When an organization loses access to its network, patient information may be completely inaccessible.
“A resilient strategy is designed to enable you to bounce back from anything that happens in your organization,” Rodriguez explained. “When you are more resilient, you can handle just about any disaster thrown at you, and you can also maintain highly available systems and capabilities.”
Rather than strictly safeguarding against and preparing for predictable threats, healthcare organizations should shift their focus toward attaining enterprise resilience to ensure data security and business continuity.
“We need to stop solving problems in the past. We need to design for the future. And that’s what this is about,” Rodriguez emphasized. “Let’s design a more resilient industry overall.”