Cybercriminals want what you have: patient health information. But there are ways you can protect your quality data from ransomware and other cyber attacks, according to Medisolv’s Phil Holmes.
Another week, another data security breach at a hospital or health system. Not only is immutable information (such as name and date of birth) valuable to cybercriminals; they also recognize how valuable that information is to the victim. The task of protecting your quality data may seem daunting given what’s at stake, but simple measures can protect yourself, your quality reporting responsibilities, your patients and your patients’ health data.
In this post, I’ll explain why hackers want what you have and how, if successful, they can affect your job. I’ll also outline some practical steps you can take to keep cyber attacks at bay and minimize the damage they might cause.
Cyberattacks Put Quality and Safety of Care at Risk
First, let’s take a brief look at the current level of cybersecurity threats facing your hospital or health system. This comes courtesy of a new survey from the College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS).
CHIME and AEHIS surveyed 60 chief information security officers (CISOs) who are members of either organization. Here’s what they said:
It’s clear from the CISO survey that the work of cybersecurity criminals can directly affect your work as a quality leader at a hospital or health system.
Why Cybercriminals Covet Patient Health Data
There are two reasons your stock and trade—patient health information—is so valuable to hackers.
The first one is permanency. Unlike your credit card number or phone number, we can’t change our Social Security numbers or names, which are parts of our medical records. Armed with this information, a cybercriminal can commit identity theft, allowing them to take out loans or credit cards in the victim’s name.
The second reason is the data’s value to the victim. Your hospital or health system needs access to patients’ health information so clinicians can provide safe and effective care. You need that data to fulfill your quality reporting responsibilities to CMS and other payers. Your hospital or health system also needs it so it can bill payers for services rendered. That all means that your organization would be willing to pay a hefty sum to get that health information back quickly. Cybercriminals know that, putting what you have at the top of their list.
Perhaps of most concern to you is the prospect of losing access to patient health information due to a ransomware attack. No matter if you lost access for 24 hours, a day, a week or a month, it would have serious consequences for you and your quality department. Your clinicians wouldn’t have the data they need to diagnose and treat patients. You wouldn’t have the data to build quality measures to submit to payers or accreditors. You would lose trend data to feed your quality-improvement programs. And if you got your data back, you wouldn’t know if its integrity was intact, which would soak up additional resources to rectify.
Seven Ways You Can Protect Your Quality Data
Given the consequences, it’s up to you and your quality department to do whatever you can to prevent a cybersecurity attack. Your department is particularly vulnerable to attacks because it spends most of its time on computers, which are the front doors to most hackers. What can you do? Here are seven recommendations.
Loop in Your Disaster Recovery Team Immediately
Obviously, no matter how much training you do, how many processes and protocols you follow and how strong your data security culture is, your patients’ data is still at risk. But knowing that is a strength.
Your hospital or health system should have a disaster recovery team in place, and you should notify that team immediately of a cybersecurity incident. Any delay is likely to inflict more damage to your organization’s IT infrastructure. Ideally, the disaster recovery team regularly tests its processes and procedures so that data recovery occurs with minimal delay when a breach does occur.
Securing and protecting your quality data is the responsibility of everyone in your hospital or health system—including you. By following the recommendations above, you can meet that responsibility and continue to provide the optimum level of care to your patients without interruption
Related: Learn more about the data privacy and security features embedded in ENCOR, Medisolv’s quality-improvement software platform.