Cybersecurity is Not Just a Buzz Word, It’s a Real Threat

You’ve decided you do, indeed, need an emergency response plan. You’ve planned an evacuation route, you’ve discussed power failures, and you’ve educated your staff on the plan. You’ve even scheduled a disaster exercise. You’re ready for everything, right?

Have you considered your health care facility’s cybersecurity?

Probably not. Because it’s not something that is discussed very often. However, it’s incredibly important, and something that has been pushed into the limelight the past few years. Recently, Steve Curren, director of the Division of Resilience in the Office of Emergency Management, part of the U.S. Health and Human Services Department’s Office of the Assistant Secretary for Preparedness and Response spoke with GovTech on this issue.
“We have seen in recent years an escalation in the risk to health-care organizations from cyber threats. Since 2014, we have had 10 distinct breach incidents of health-care organizations where the breach resulted in the compromising of more than 1 million patient records.”
It’s not simple to protect against cyber threats, but they cannot be ignored. This is an area where attention needs to be paid.
Imagine if none of the electronics in the building worked. What would happen? You wouldn’t be able to access any charts, admit or discharge anyone, check allergies, check medication schedules. You may not even be able to open doors or let people into the facility. It would be a real problem. One you need to prepare for.

What can you do?

The first step, just as with any problem, is to address it. Now that you know cyber threats are a problem, you can’t ignore it. It’s time to educate your staff and talk to the people in IT. Everyone needs to be aware of this and be prepared. In fact, it may be time to find someone else to deal with this problem for you. There are several companies who offer cybersecurity audits and testing services that are specific to health care organizations.
But don’t get caught up in this, just as you don’t need to be an expert in fire suppression, you don’t need to be an expert in cybersecurity. You need to know enough about it to hire someone to do it for you. Take into account that your systems will go down at a critical moment, and make a plan to operate while someone else fixes it.
It’s also important to have a simple way to check your cybersecurity. The more bells and whistles you have, the harder it is to maintain. While having an electronic entry to the building seems very secure, it can easily backfire if you lose power or if you are hacked.
Develop a way to keep your staff aware. Limit the use of thumb drives and downloads on common computers. Make sure everyone has cybersecurity training before they can access any devices. Encourage them to only use what is necessary. And most importantly, take updates seriously.
Working together, a facility can overcome any disaster, even a cyber attack. But there must be a plan in place.
Categories: Healthcare
Topics: Preparedness

Find Articles by:

  • We'd Love to Hear Your Comments


    Related Articles: CMS Rules for Healthcare Providers

    Annual Review of Emergency Preparedness Plan

        by Rick Christ Current CMS Emergency Preparedness Conditions of Participation require an annual review of your emergency preparedness plan. Under the proposed rule, the plan “must be evaluated and updated at least every 2 years.” Not in the rule, but in the...

    Why We Support More Detailed Exercise Standards

        by Rick Christ Currently, almost every provider type is required to participate in two exercises per year. One “should be” a “community full-scale exercise” while the other can be a tabletop. The original version of the current exercise standards was clearly...

    Do the Proposed Changes to Training Make Sense?

        by Rick Christ Currently, the typical CMS regulation says this about the training requirement: The training and testing program must be reviewed and updated at least annually. (1) Training program. The hospital must do all of the following:(i) Initial training in...

    What You Need to Know About the Proposed Rule Changes to CMS

        by Rick Christ Barely ten months into the enforcement period of the Emergency Preparedness Conditions of Participation, the Centers for Medicare and Medicaid Services (CMS) is proposing some rule changes that would “reform Medicare regulations that are identified...

    Our Newsletter

    Remember, we will NEVER share your email address or SPAM you.
    You may unsubscribe at any time.