ContinuITy™: The Importance of Cybersecurity in Protecting Patient Safety

A high-level guide for hospital and health system senior leaders

The following is an article from the American Hospital Association (By John Riggi, Senior Advisor for Cybersecurity and Risk, American Hospital Association) that talks about cybersecurity and protecting patient safety.

Health care organizations continually face evolving cyberthreats that can put patient safety at risk. That’s why I advise hospital C-suite and other senior leaders not to view cybersecurity as a purely technical issue falling solely under the domain of their IT departments. Rather, it’s critical to view cybersecurity as a patient safety, enterprise risk and strategic priority and instill it into the hospital’s existing enterprise, risk-management, governance and business-continuity framework.

Aligning cybersecurity and patient safety initiatives not only will help your organization protect patient safety and privacy, but will also ensure continuity of effective delivery of high-quality care by mitigating disruptions that can have a negative impact on clinical outcomes.

Why Health Care Gets Hit More

Health care organizations are particularly vulnerable and targeted by cyberattacks because they possess so much information of high monetary and intelligence value to cyber thieves and nation-state actors. The targeted data includes patients’ protected health information (PHI), financial information like credit card and bank account numbers, personally identifying information (PII) such as Social Security numbers, and intellectual property related to medical research and innovation.

In fact, stolen health records may sell up to 10 times or more than stolen credit card numbers on the dark web. Unfortunately, the bad news does not stop there for health care organizations — the cost to remediate a breach in health care is almost three times that of other industries — averaging $408 per stolen health care record versus $148 per stolen non-health record.1

How Cyberattacks Threaten Patient Privacy, Clinical Outcomes and Your Hospital’s Financial Resources

Cyberattacks on electronic health record and other systems also pose a risk to patient privacy because hackers access PHI and other sensitive information. By failing to keep patient records private, your organization could face substantial penalties under HIPAA’s Privacy and Security Rules, as well as potential harm to its reputation within your community.

Most importantly, patient safety and care delivery may also be jeopardized. Losing access to medical records and lifesaving medical devices, such as when a ransomware virus holds them hostage, will deter your ability to effectively care for your patients. Hackers’ access to private patient data not only opens the door for them to steal the information, but also to either intentionally or unintentionally alter the data, which could lead to serious effects on patient health and outcomes.

Another example: Patient outcomes were threatened when Britain’s National Health Service was hit as part of the May 2017 “WannaCry” ransomware attack on computer systems in 150 countries, resulting in ambulances being diverted and surgeries being canceled. Since that time there have been other instances of ambulance diversion orders issued due to ransomware, including here in the U.S. With proper planning and investment, however, it’s possible to mitigate this risk. As I told Congress last July, “The impact of Wannacry on American hospitals and health systems was far less serious, which speaks to the tremendous efforts the field has made to improve cybersecurity and build incident-response capabilities.”

Take Steps to Protect Your Organization

The cyber bad guys spend every waking moment thinking about how to compromise your cybersecurity procedures and controls. The best defense begins with elevating the issue of cyber risk as an enterprise and strategic risk-management issue. If possible, you should also dedicate at least one person full time to lead the information security program, and prioritize that role so that he or she has sufficient authority, status and independence to be effective. Furthermore, you and your team should receive regular updates on your organization’s strategic cyber risk profile and whether adequate measures are dynamically being taken to mitigate the constantly evolving cyber risk.

Finally, the most important defense is to instill a patient safety-focused culture of cybersecurity. This enables health care organizations to leverage their existing culture of patient care to impart a complementary culture of cybersecurity. A culture of cybersecurity, where the staff members view themselves as proactive defenders of patients and their data, will have a tremendous impact in mitigating cyber risk to the organization and to patients.

How ContinuITy™ by The HCI Solution Can Help

ContinuITy™ can be used for planned or unplanned system downtimes and even during full network outages. Carefully honed workflows that strive for excellent patient care and efficiency cannot tolerate any level of system downtime. Finally, there is a MEDITECH downtime system that is familiar to all MEDITECH users, easy to use, secure, and incredibly resilient.

Fill out the below form to request a demo and have one of our experts further explain why ContinuITy™ is an essential part of any healthcare IT system:

The HCI Solution - Request a Product Demo

Meet the Team – Jim Archambault

Meet Jim Archambault – Integration Engineer

The products and services at The HCI Solution are developed by highly skilled engineers. One of those is the brilliant Jim Archambault.  

Jim is an Integration Engineer who develops and maintains the user interface for one of The HCI Solution’s most popular productsContinuITyTM Downtime Portal. On top of that, he works on archive extraction components and develops utilities to handle hospital data specifically customized to their needs. Additionally, Jim handles support issues for all The HCI Solution products.  

What Jim Archambault Likes Best About The HCI Solution 

There is a reason that Jim has been with The HCI Solution since September of 2018. He says the best thing about working for The HCI Solution is the ability to challenge himself and learn new things, with his team supporting him while doing so. Jim really enjoys the opportunity to work on development style projects. 

When Jim Archambault Is Not At Work 

Being an engineer at work translates well into one of Jim’s favorite hobbies. He really enjoys building Lego sets. All the screen time at The HCI Solution does not damper his love for video games at home. Additionally, Jim likes hiking, camping, and gardening. Another passion of Jim’s is painting miniatures for tabletop gaming. 

When it’s time to relax and watch other people do things, Jim cheers on the Boston Bruins, Green Bay Packers, the McLaren Formula 1 team, and the Ducati factory team of MotoGP. 

Building Another Engineer? 

Jim’s favorite project is raising his son. His fiancé gave birth in December 2021. Jim states that they have been having a lot of fun raising their baby. 

If you need to get in touch with Jim or learn about any of our other team members, please contact us. 

Meet the Team – Samantha Cameron

Meet Samantha Cameron. Many of you have already had the pleasure of speaking with Samantha for a variety of business-related issues. However, this is your opportunity to really get to know the person behind the voice on the phone.

What Samantha Cameron Does for The HCI Solution

Samantha is our Business Manager and she started with The HCI Solution back in 2018. This month marks her four-year anniversary. As the Business Manager, Samantha balances a lot of responsibilities. A typical week, if there is such a thing, will find her heavily involved with bookkeeping, payroll, IT and software administration, insurance plan management, business mailings, and every regarding human resources for The HCI Solution. Samantha engages with our customers and internal staff for a multitude of reasons – and she is an expert at all.

Samantha’s Favorite Moment at The HCI Solution

Although she is a bit more “behind the scenes,” Samantha Cameron interacts with The HCI Solution clients by answering billing questions, working with AP departments, and sometimes helping with customer access issues and special requests. Samantha’s favorite client interaction is when she gets special requests for reports from customers. One time, she had a customer request a monthly report concerning help desk tickets to make managing them easier. So, Samantha customized and created a report including the requested information and sends it to the appreciative client on a monthly basis. Samantha says, “Any time a customer wants to look at hours used, or project costs and I get to put together a report of that for them to give them a clear picture, I enjoy it.”

Why Samantha Loves Working at The HCI Solution

Samantha really loves working at The HCI Solution. She says it’s “like a big family. Everyone is kind to one another and supportive.” She makes a point of acknowledging she feels appreciated and valued by all of my co-workers and can always count on them to let me know when a job has been well done.

Samantha cites how there is opportunity for advancement, and how she has grown exponentially in her position with The HCI Solution. “I’ve learned things in this position that I never saw myself learning and even at times impressed myself with solutions I have come up with.” She also loves that the job is flexible to her needs. Samantha expands on that by saying, “Working remotely as we do offers flexibility unlike any other job I’ve ever had, and when you have a family, and young kids it removes a lot of stress from everyday life.”

Samantha Cameron Away from the Office

The family that Samantha mentions consists of Chris, her husband of eight years, and their two beautiful children, Lydia (6) and Cannon (4). The Cameron clan also includes two dogs, Lovey and Malificent.

Outside of work, Samantha Cameron has plenty of hobbies and interests. She is quite the karaoke singer and also helps with live productions at her church. Samantha is the Event Coordinator for her kids’ Elementary Booster Club. She loves cooking – especially baking – and craft projects. Living in a small, rural town in southern Missouri allows Samantha to enjoy hunting, fishing, camping, and boating on the lake.

If you want to know more about other members of The HCI Solution team, click here.

ContinuITy™: Maintaining Healthcare IT Continuity in an Age of Increased Threats

A focus on enterprise resilience can facilitate business continuity and enable healthcare IT departments to tackle any crisis, from ransomware to natural disasters.

The following is an article from Health IT Security (by xtelligent HEALTHCARE MEDIA) that talks about how to protect your healthcare IT system from an array of threats to your operation.

Whether it’s a ransomware attack or a tornado, hospitals and health systems must be able to maintain business continuity through a crisis. Both natural and human-made threats have the power to disrupt workflows, and with patient care on the line, healthcare organizations cannot afford to lose access to critical data and systems.

While incident recovery plans are required by HIPAA and are crucial to restoring operations, they only address specific symptoms of a larger underlying need: enterprise resilience.

Healthcare organizations can better prepare themselves to withstand disasters by assessing the current threat landscape and focusing on business continuity and resilience rather than just recovery. Leveraging cloud technology can also reduce the burden on healthcare organizations to manage these threats independently, providing trustworthy solutions to protect critical data.

The Current Threat Landscape

Threats to business continuity can come in many forms. From California wildfires to flooding in the Carolinas, unforeseen natural hazards can leave organizations with full ICUs and limited access to critical on-premises data.

At the same time, bad actors have launched cyberattacks against health IT infrastructure — taking systems offline and disrupting day-to-day operations. Beyond external cyber threats, poor employee cyber hygiene may invite phishing scams and endanger even the most robust security architectures.

Healthcare records are worth up to $250 per record on the black market, compared to just $5.40 for payment card information, the next highest value record, SecureLink found. In fact, of all critical infrastructure sectors, the healthcare sector faced the most ransomware attacks in 2021, the FBI’s Internet Crime Complaint Center (IC3) observed in a recent report.

And, HHS recently issued a brief to warn organizations of increased EHR security risks in light of recent cyberattacks. The brief recommended that organizations implement technical safeguards and heighten their cyber resilience to combat these threats.

Healthcare Has a Resilience Problem

But Hector Rodriguez, executive security advisor, WWPS health and life sciences at AWS, suggested that focusing on one problem at a time means missing an opportunity to look at your framework, architecture, and solutions to address the concept of resiliency holistically.

“By treating each of those symptoms one at a time, you are not treating the real issue, which is a lack of resiliency. It’s important that organizations measure how resilient they are at an enterprise level, not just at an individual application, department, or building level,” Rodriguez said.

“This means reevaluating people, tools, and documentation policies and procedures and making sure they’re connected.”

Tips For Achieving Enterprise Resilience

Research conducted by the Boston Consulting Group (BCG) Henderson Institute suggested that organizations build a resilient business model based on principles of biology. Resilient biological systems exhibit six characteristics: redundancy, heterogeneity, modularity, adaptation, prudence, and embeddedness. These characteristics can be applied to businesses to help them maintain resilience by adapting to unexpected events and optimizing efficiency.

Enterprise resilience requires organizations to take a holistic approach to security and safety. They must examine resilience in the supply chain, among employees, within applications, and even within data storage.

“You must leverage newer technologies for immutable data backups and encryption,” Rodriguez advised. “The goal here is availability. If I lose access to my medical record, pharma system, or supply chain system, I will have trouble running a hospital.”

Cloud technology is one of the many tools that can help organizations achieve enterprise resilience and mitigate risk. Cloud adoption may not only allow for quicker recovery but may also reduce the risk of ransomware and data breaches. Rather than a hospital dealing with on-premises patching, cloud vendors patch and update behind the scenes, reducing the risk of out-of-date systems allowing for cyber-attacks.

In addition to cloud technology, comprehensive disaster recovery and incident response plans, including practicing for an event, can help healthcare organizations maintain patient safety and prevent further damage in the face of more predictable human-made and natural threats.

Additionally, enterprise resilience strategies go beyond standard IT disaster recovery by also addressing people and processes. People resiliency requires regular training and tabletop exercises. Every individual within an organization has a role in disaster recovery, and those roles should be clearly defined and should be practiced regularly. In fact, this is the place to start – modern security awareness training is key to building a resilient organization.

Data and application resiliency is also particularly vital to healthcare due to the sector’s reliance on EHR systems. When an organization loses access to its network, patient information may be completely inaccessible.

“A resilient strategy is designed to enable you to bounce back from anything that happens in your organization,” Rodriguez explained.  “When you are more resilient, you can handle just about any disaster thrown at you, and you can also maintain highly available systems and capabilities.”

Rather than strictly safeguarding against and preparing for predictable threats, healthcare organizations should shift their focus toward attaining enterprise resilience to ensure data security and business continuity.

“We need to stop solving problems in the past. We need to design for the future. And that’s what this is about,” Rodriguez emphasized. “Let’s design a more resilient industry overall.”

How ContinuITy™ by The HCI Solution Can Help

ContinuITy™ can be used for planned or unplanned system downtimes and even during full network outages. Carefully honed workflows that strive for excellent patient care and efficiency cannot tolerate any level of system downtime. Finally, there is a MEDITECH downtime system that is familiar to all MEDITECH users, easy to use, secure, and incredibly resilient.

Fill out the below form to request a demo and have one of our experts further explain why ContinuITy™ is an essential part of any heathcare IT system:

The HCI Solution - Request a Product Demo

5 Reasons Why Hospitals Partner with The HCI Solution

Today people rely upon customer reviews and testimonies to decide which vendor to take their business to. Naturally, people want to work with a business that they can trust to get the job done effectively and efficiently within their time constraints. The HCI Solution relies on customer testimonies and references in gaining new customers. Our customers are eager to share their experiences in partnering with us and utilizing our products and services. To present a clear picture, we’ve come up with the following 5 Reasons Why Hospitals Partner with The HCI Solution.

1. Response Time/Communication

It can be frustrating when dealing with an unresponsive vendor, support team, or partner. The HCI Solution knows the impact unresponsiveness and lack of communication can have on productivity and the ability to meet critical deadlines. At The HCI Solution we strive for 1 hour response times, because time is valuable and so are our customer’s needs. We want to ensure that any inquiries, requests, and other correspondence are met with a timely response. Although we may not have an answer within the hour every time, we will do everything we can to acknowledge requests in a timely manner.

Interior Health HCI Response Times Testimony

2. Reputation

The HCI Solution has a mission to deliver reliable and cost-effective software solutions and services that reduce costs and improve healthcare efficiency for our customers so that they can provide better patient care. We value our customers and their opinions of us, because when our customers share positive testimonies of their experience working with us it means we’ve done our job right.

Skagit HCI Reputation Testimony

3. Deeply Integrated Solutions

When we develop and enhance solutions at The HCI Solution, our main priority is that they seamlessly integrate with the other relevant tools and customers’ specific workflows for which they were created. Our applications are easy to use and deeply integrate with MEDITECH, allowing for easy staff adoption. We want customers to feel comfortable using all of our solutions on a regular basis. Our main goal with our applications is to increase workflow efficiency, saving facilities time and money.

4. Competitive Pricing

The HCI Solution offers all products and services with hospital budgets in mind. We strive to meet customer’s needs with a price point that’s fair and affordable. We offer discounts when customers are interested in multiple products and services, or are interested in products or services for multiple facilities. With our Engineering Concierge Services plan, hospitals have saved thousands of dollars and know that no matter how many of their contracted hours are used in a month or what services they are used for, they will continue to pay their contracted monthly rate for the hours used.

Heywood Competitive Pricing HCI Testimony

5. Filling and Bridging the Gaps

It can be difficult finding the right staff to meet all technical needs – they may possess skills to meet certain employment needs, but it is getting more difficult to find well-rounded individuals that cover all of a facility’s needs. Recruiting, vetting, hiring, onboarding, and training individuals can be an arduous task that takes time and money. The HCI Solution is staffed with individuals that can fill those technical gaps facilities may face. With our highly experienced, well-rounded team, it’s safe to say we have our customers covered. They consider us their “one stop shop.”

It’s for all of these reasons that we know customers can take comfort in the decision of choosing The HCI Solution as their credible industry partner. We are committed to carry out our mission, company values, and focus on our vision.

OUR MISSION

To deliver reliable and cost-effective software solutions and services that reduce costs and improve healthcare efficiency for our customers so that they can provide better patient care.

COMPANY VALUES

Trust is the foundation of any good relationship, and that is why we work hard to build trust with all of our customers. We hold ourselves accountable to our customers, shareholders, partners and employees by honoring our commitments, providing results and striving for the highest quality. We also believe strongly in maintaining a high level of customer satisfaction, which is why all of our products come with a satisfaction guarantee.

OUR VISION

To become the leader in software solutions to the healthcare industry by providing cost-effective and reliable products that lead to better patient care by:
• Enhancing patient safety
• Streamlining workflows
• Improving clinical efficiency
• Increasing IT efficiency
• Reducing costs
• Decreasing waste

When you choose The HCI Solution, you choose peace of mind.

Contact Us to find out how The HCI Solution could help you as a partner.

LinkedIn