The levels of technological sophistication run the gamut in the healthcare industry, and in a pre-COVID-19 world, providers set their own pace. Today, we’re seeing a massive acceleration in technology adoption that’s brought about a significant change in the way healthcare is delivered. As caregivers on the front lines race to provide clinical care, health IT professionals rush behind the scenes to provide the digital tools necessary for secure healthcare provision in a changed environment.
Today’s social distancing requirements are designed to keep both providers and patients safe. This caused the use of telemedicine through video conferencing and remote network access to ramp up quickly, much more quickly than expected. Both clinical and administrative staff use telemedicine apps on their devices, and patients access the system on their own phones or tablets.
In a rush for swift and widespread scaling to meet demand, certain aspects of design, security framework, and network protection could have taken a back seat to the urgency of enabling remote connections, increasing system susceptibility to cyber threats. Yet, the need to verify the identity of the user and secure healthcare information is as vital as ever.
Even though the enforcement of HIPAA privacy rules for telehealth visits has been temporarily relaxed during the pandemic, healthcare organizations should still utilize a strong cybersecurity strategy to protect the health and safety of their patients.
Attacking Patient Data
As providers reach more patients virtually, fraudsters are infiltrating network systems and taking advantage of every possible vulnerability. Protected health information (PHI), including patient names, birth dates, policy numbers, diagnostic codes and billing details, is extremely valuable. Without a comprehensive cybersecurity approach, the data is at risk of being intercepted, stolen or altered.
In fact, healthcare is the second-most attacked industry, after the government sector: nearly 40% of healthcare organizations are hit daily or weekly, and the average organization spends $1.4 million on cyberattack recovery.
As healthcare’s digital landscape continues to evolve—at an accelerated pace due to the pandemic—hackers exploit vulnerabilities in systems, operations, and people. Attacks do not come in one flavor and bad actors do not seek out a single vulnerability point. Both on the patient and provider side, via desktop or mobile access, users should go through proper verification steps to prevent unauthorized access to patient data.
Strategies for Secure Healthcare
Hackers can easily penetrate basic username and password login controls. Healthcare organizations can maintain security by employing a proactive, multilayered approach that takes into account the complexities of digital identity management and device vulnerability.
Step one of the process is understanding the link between disparate and mismatched patient records and security breaches. To protect the data, patient records need to be accurate and complete. Once every patient in the system has a single comprehensive record established, that person can be verified to reduce the likelihood of a data breach.
Organizations can secure that one true patient identity through a multifactor authentication (MFA) framework, the baseline level of protection for patient data. Providers that rely on a variety of verification methods to authenticate users, such as knowledge-based questions, one-time passwords or emails, facial recognition, device analytics, and phone verification, are most successful at thwarting cyberattacks.
The combination of factors is chosen based on the criticality of the transaction, so low-friction authentication tools can be placed at the beginning of a workflow, and higher-friction options can be layered in if any of the earlier checks return suspicious results.
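The step-up workflow described above, as an added example that is not from the original article or any vendor's product. The transaction names, the friction ordering of the factors and the required-factor counts are assumptions chosen for illustration.

```python
# Factors named in the article, ranked from lowest to highest user friction.
# The ranking itself is an assumption made for this example.
FRICTION = {
    "device_analytics": 0,           # passive, invisible to the user
    "phone_verification": 1,
    "one_time_password": 2,
    "knowledge_based_questions": 3,
    "facial_recognition": 4,
}

# Hypothetical transactions mapped to how many factors must pass.
REQUIRED = {
    "view_appointments": 1,
    "view_test_results": 2,
    "change_billing_details": 3,
}


def authenticate(transaction, results):
    """Run factors from low to high friction until enough have passed.

    results maps each factor the user is enrolled in to the outcome it
    would return if invoked: "pass", "suspicious" or "fail".
    Returns (allowed, factors_invoked).
    """
    # Fail closed: an unrecognised transaction gets the strictest requirement.
    required = REQUIRED.get(transaction, max(REQUIRED.values()))
    passed, invoked = 0, []
    for factor in sorted(FRICTION, key=FRICTION.get):
        if passed >= required:
            break                    # enough assurance, add no more friction
        if factor not in results:
            continue                 # user is not enrolled in this factor
        invoked.append(factor)
        outcome = results[factor]
        if outcome == "pass":
            passed += 1
        elif outcome == "suspicious":
            required += 1            # step up: demand one more factor
        else:
            return False, invoked    # hard failure denies the request
    return passed >= required, invoked


if __name__ == "__main__":
    # Constructed sample: a low-risk request from a device that looks unusual.
    sample = {"device_analytics": "suspicious", "phone_verification": "pass",
              "one_time_password": "pass", "facial_recognition": "pass"}
    print(authenticate("view_appointments", sample))
```

A clean device check lets a low-criticality request through with no visible prompt, while a suspicious one pulls in the next factors in friction order; a user without enough enrolled factors for a high-criticality transaction is denied rather than waved through.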
Stay Functional, Stay Secure
Organizations will need to balance both security and patient engagement needs.
From telehealth visits to patient portal access, patients expect the convenience of anytime, anywhere access to their data and services such as appointment scheduling, viewing test results, paying bills and messaging with physicians. Ensuring easy access and convenience is vital for keeping patients engaged in their care and with their providers.
A multilayered approach to cybersecurity will allow healthcare providers to maintain a fully functional, friendly and secure healthcare environment – even during these unusual, pandemic circumstances.