In the healthcare sector, cybersecurity has quickly emerged as the most significant vulnerability.
Skilled nursing facilities and other long-term care centers are especially vulnerable to cyberattacks as cybercriminals attempt to gain access to resident and employee data to use in larger identity theft and fraud schemes.
According to a study conducted by the Ponemon Institute, around nine out of 10 healthcare organizations encountered a cyberattack in a span of 12 months. Shortly after that study, the well-known organization CommonSpirit Health suffered from a severe ransomware attack.
Every day, more healthcare organizations find themselves in conflict with the dark web. While administrations take steps to safeguard patient privacy, many are reactive instead of proactive. A more secure technological future for healthcare necessitates stronger measures to prevent cyberattacks.
According to the Ponemon study, every organization experienced an average of 43 attacks, which cost an average of $4.4 million each. In total, the healthcare sector witnessed a 45% surge in cyberattacks in 2021 alone.
The consequences of slow responses to these attacks are severe, including system performance delays and downtime leading to significant technological failures. Financial losses can include missed business opportunities, higher overhead, cash outlays and labor expenses. These attacks disrupt regular healthcare operations and damage infrastructure, and their consequences can extend for years.
Ransomware, the most common and significant type of cyberattack, is just one of several that healthcare organizations may encounter. In a ransomware attack, a computer system gets hacked and then frozen until the hacker receives a large sum of money. Other types of attacks include phishing, supply chain interruptions, business email compromise, and cloud violations, among others. Any of these cyberattacks can cause turmoil for a medical institution, potentially leading to patient deaths.
What is at stake?
The consequences of cyberattacks are significant and can affect several different aspects of the healthcare industry.
Patient health
When a healthcare organization suffers a cyberattack, its patients become the most vulnerable victims. Numerous medical devices lack adequate security measures to prevent hacking attempts. During such an attack, some individuals in need of emergency care may be unable to receive timely treatment. Additionally, the already prevalent shortage of healthcare workers becomes even more apparent in the aftermath of a cyberattack. In some cases, patients may be forced to wait for weeks or even months before receiving the necessary care.
Additionally, cybercriminals really want to get their hands on the electronic health records that are collected and stored by skilled nursing facilities. EHRs contain detailed patient records, billing and payment information, and prescription instructions that would benefit cybercriminals. In the hands of hackers, this data can be used to steal a patient’s identity, interrupt their ability to receive life-saving medical treatment, and can even be used to falsify financial documents.
Financial loss
According to a 2021 survey of IT professionals in the healthcare industry, a mere 6% of IT budgets are devoted to cybersecurity. Healthcare leadership often views cybersecurity as an avoidable expense that reduces profits. However, failing to invest in enhanced cybersecurity measures can ultimately prove more costly in the long run.
Solution confusion
While increasing privacy may seem like the obvious solution, sharing information also has its benefits. Remote access to medical data is essential for healthcare professionals, and sharing certain information can lead to scientific breakthroughs, better outcomes for patients, and more informed care. Moreover, sharing data can help safeguard informed consent. Privacy laws like HIPAA have been in place since 1996 and have been adjusted by presidential administrations to prevent certain types of discrimination.
Despite the advantages of data sharing, some policies fail to clarify which issues affect patients the most. Patients are often required to provide their most sensitive information, such as their social security numbers, and are then told to keep it secure. Ensuring security over the internet is even more challenging. People generally understand the importance of security, but they still wear devices that track and send their information to unknown sources.
The healthcare industry faces the challenge of striking a balance between data sharing and data security. More work is needed to bridge this divide.
What are the next steps to take?
There is no doubt that the healthcare and senior care industries need to improve their cybersecurity measures to keep up with other sectors. The following are some of the primary steps that should be taken:
Catch up with the rest of the world
Compared to other countries, the United States is behind the times in terms of cybersecurity. Closing this gap would significantly enhance the security of U.S. healthcare. This means that healthcare and senior care executives must invest in cybersecurity measures within their organizations.
Skilled nursing facilities and other long-term care centers can even consider third-party cybersecurity providers that can keep their networks safe if they don’t have the ability to hire their own staff of IT professionals.
Increase awareness
One of the first steps in defending against cyber threats is to become aware of them. Hackers are often already present within the walls of targeted healthcare organizations. According to a survey by the Ponemon Institute, only half of healthcare organizations include prevention strategies in their strategic plans, and less than half have documented instructions for responding to attacks.
It’s also critical that healthcare organizations and skilled nursing facilities prioritize employee training on cybersecurity. One of the reasons for an uptick in cyberattacks on vulnerable populations like skilled nursing facilities includes human error. Weak passwords and a lack of understanding of security measures contribute to cyberattacks. In-depth cybersecurity training helps staff better understand how to recognize and, therefore, prevent hackers from accessing their systems.
Look at other industries
Healthcare leadership can look to industries like retail for guidance. Employees should assume that cyberattacks are imminent and take measures to prevent them. This should be a regular cost of doing business and part of daily operations.
As healthcare increasingly moves online, the cloud-based systems it relies on become increasingly vulnerable. Skilled nursing facilities should view cybersecurity as a regular business investment rather than an unwanted expense. By prioritizing their patients’ safety, American healthcare can maintain its international standing, continue to provide top-notch care and remain financially stable. Investing in cybersecurity now will ensure a brighter future with fewer breaches and greater reliability.
Joel Landau is the founder and chairman of The Allure Group, a rapidly expanding provider of skilled nursing and rehabilitation services throughout the New York downstate area. The Allure Group transforms nursing homes into post-acute rehabilitation centers that are attentive to the needs of residents when it comes to their health, comfort, culture and quality of life.
The opinions expressed in McKnight’s Long-Term Care News guest submissions are the author’s and are not necessarily those of McKnight’s Long-Term Care News or its editors.
Have a column idea? See our submission guidelines here.