Protecting Health-Care Data Against Cyber Attacks

Like other organizations and agencies that depend on data, healthcare networks are vulnerable to potentially crippling cyberattacks. But they may lag behind other sectors in preparing for and combating data breaches, according a number of experts.

The subject was outlined in a series of articles and commentaries in the fall issue of Frontiers of Health Services Management, an official publication of the American College of Healthcare Executives (ACHE). The journal is published in the Lippincott portfolio by Wolters Kluwer.

“Cyberattacks pose a real threat that all healthcare leaders and boards can and must address with strategic plans of action to prevent vulnerabilities, minimize risk, and respond to incidents when they do occur,” wrote Frontiers Editor Trudy Land, FACHE, in an introductory editorial.

According to a news release from Wolters Kluwer, the new issue highlights two articles in which healthcare executives share their insights and experiences with building an effective cybersecurity strategy to protect valuable healthcare data. “From board trustees to frontline employees, everyone is held accountable for protecting the organization against cyberattacks,” wrote Dennis W. Pullin, FACHE, of Virtua health system in Marlton, N.J. “Cybersecurity is a team effort.”

Michael J. Reagin and Michael V. Gentry, FACHE, of Sentara Healthcare in Norfolk, Va., discussed the role of enterprise cybersecurity – i.e. working with an outside firm to build a security program.  “Partnering with a managed security services provider to build the key components of a program, rather than developing them completely in-house, can reduce costs and provide a higher level of expertise.”

In a commentary, Dane C. Peterson and colleagues of Emory Healthcare in Atlanta pointed out that the costs of cyberattacks include real risks to patient safety and quality of care. One study reported a significant increase in a hospital’s 30-day mortality rate for acute myocardial infarction, lasting for years after a cyberattack. The authors highlighted key components of the cybersecurity strategies outlined by the feature articles:

Third-party risks – ensuring that vendors are also taking cybersecurity seriously

Value of multifactor identification in limiting “both the likelihood and impact of data breaches”

Staff training (and follow-up) in recognizing phishing scans and protecting passwords

Effective security staffing models, including the importance of internal and external collaboration

“Cyberleadership” and culture, including engagement of senior leaders in a cybersecurity oversight committee

Governance and financing challenges, including the role of a Board-level IT committee

The editors and contributors hope that the cybersecurity-focused issue of Frontiers will increase awareness of the vulnerability to cyberattacks at every level of the healthcare system. “Through organization-wide training, leaders can raise critical security consciousness, explain the various threats, develop and disseminate policies and procedures, emphasize the severe consequences of an attack, and convey shared responsibility,” Trudy Land wrote. “In cybersecurity, everyone is a stakeholder.”

you may also like

Recipes We