Healthcare News & Insights

Cybersecurity attacks are on the rise: Reduce your hospital’s risk

Cybersecurity threats like ransomware and malware attacks have been increasing in recent years, and many hospitals are particularly vulnerable. Because of the sensitive information hospitals have access to, cybersecurity issues are more than just a headache for IT – they can be a serious threat to patient safety. 

The ECRI Institute recently released its annual rundown of potential safety issues in healthcare technology, and ransomware and other cybersecurity threats top the list.

ECRI’s list was developed by engineers, scientists, nurses, physicians and safety analysts that rank health IT hazards based on investigations, as well as thousands of reports from the institute’s Problem Reporting Network.

Consequences of attacks

Why are hospitals at such a high risk for cyberattacks? Healthcare Dive offers a few reasons, namely:

  • the amount of legacy equipment that runs on old and unsupported operating systems
  • the failure to implement basic patches and updates in security systems, and
  • patients’ health records themselves, which offer a potential treasure trove of information for sale on the Dark Web.

Large-scale attacks can significantly impact patient care delivery by making health IT systems unusable, preventing access to patient data and records, and affecting the functionality of networked medical devices.

These attacks may also disable third-party services, disrupt the supply chain for drugs and supplies, and affect building and infrastructure systems.

Disruptions from these attacks can lead to canceled procedures and altered workflows (e.g., reverting to paper records), as well as damage equipment and systems, expose sensitive data and force closures of entire care units.

So with all the potential disasters that could result from a cyberattack, what steps can your facility take to improve security?

Beef up cybersecurity

Healthcare Business Tech has some advice, including:

  1. Make sure all computers are running recent, supported versions of operating systems, with programs to protect against malware and spam.
  2. Remind staff to always double-check websites for authenticity. It’s also a good idea to put in an extra layer of protection, such as a security question, before providers can log into payroll or electronic health records (EHR) systems – particularly if they access these systems offsite.
  3. Tell staff to be cautious when using their personal devices to access email and other hospital network systems (including EHRs). Remind them not to download any programs from suspicious sites – even games, as they could contain hidden software that could infect hospital networks and compromise PHI safety.

If a malware attack or data breach does occur, be sure to take the advice of Chris Byers, the CEO of a company offering a platform for online forms and data collection:

  • identify vulnerabilities
  • seek professional advice – from both legal and IT security experts
  • notify the appropriate parties
  • address future risks, and
  • manage the consequences.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.