Step up EHR security to prevent data breaches and ransomware
Cyber threats swirl around healthcare practices. As conflicts mount overseas, the need to bolster EHR cybersecurity takes precedence.
This situation comes after growing cybercriminal organizations, combined with the COVID-19 pandemic, caused a sharp rise in breaches and healthcare ransomware attacks across the industry.
In this blog we explore why threats like breaches and healthcare ransomware attacks exist and what you can do to improve EHR cybersecurity for your practice.
“That’s what makes health records valuable — not always the record itself, but what you can do with the information.”Brian Bobo, Chief Digital Officer, Greenway Health
The most valuable record
You probably know healthcare records are valuable to cybercriminals, but do you know why?
It’s not just the patient health information (PHI) the record contains, but the other information that accompanies PHI, such as addresses, birth dates, social security numbers, and even more obscure data such as insurance policy numbers, all of which someone can use to impersonate you.
“Or, that person can use it to send you a realistic phish email, knowing what no one else knows,” said Brian Bobo, Chief Digital Officer at Greenway. “That’s what makes health records valuable — not always the record itself, but what you can do with the information.”
The high cost of a record is what makes the average healthcare industry breach so expensive. In 2021, the average cost of a healthcare breach was $9.23 million, up 29.5% from $7.13 million the year before, according to the IBM Cost of a Data Breach Report 2021.
Meanwhile, the number of healthcare breaches continues to skyrocket. Attacks affected 45 million people in 2021, compared with 34 million in 2020, according to a report by Critical Insights based on U.S. Department of Health and Human Services (HHS) breach data. What’s more, the number has more than tripled since 2018, when it was 14 million.
Time to be vigilant about EHR cybersecurity
If cybercrime had been little more than a passing concern for your practice, now — in an era of rising global conflict — is the time to take threats seriously.
Here are a few steps your practice can take to prepare:
- Review cyber awareness with employees
- Scrutinize potential phishing emails
- Look into cyber insurance, which may be hard to obtain, but can help a practice
Ransomware attacks on healthcare
Healthcare ransomware attacks have become more common in recent years, and in many cases have caused significant damage. At least 91 U.S. healthcare organizations fell victim to a ransomware attack in 2020, according to a May 2021 HIPAA Journal report.
This is compared to 50 healthcare organizations that fell victim in 2019. Ransomware is a variety of malware that uses encryption to block access to files until a ransom is paid. When healthcare ransomware strikes, it can slow systems and processes and put lives at risk.
Security in the cloud
Practices concerned about security may also consider moving from their on-premise server to a cloud-based solution, if they have not already.
“Practices with an on-premise server have responsibility for monitoring their software and systems,” Brian said. “If you move into the cloud, then we take a lot of that burden off of you.”
In general, practices with limited infrastructure and IT teams are better positioned to secure data using a cloud-based solution than on their own.
Some practices with an on-premise server may have concerns about internet access in rural locations, or be hesitant to overturn existing processes. “Your concerns about moving to the cloud are valid,” Brian said. “Everyone has unique issues. I would encourage you to talk to us and see what we can do for you.”
Still, the practice that remains with an on-premise server must consider the necessary investment in security, as well as what it will take to make sure everything is up and running. Here, the total ROI of going to the cloud may be considered. Securing on-premise technology comes at a significant additional cost to a practice — a cost it could avoid in the cloud.
Here are a few other benefits of the cloud:
- Disaster recovery: If you’re concerned about hurricanes, tornados, or other disasters, you can rest easy knowing your cloud-based solution provides fault tolerance.
- Maintenance: A cloud solutions provider can handle maintenance, sparing you hardware costs or the need to rely on local backups.
- Version upgrades: With a cloud-based solution, you can stay up to date on both EHR software and operating systems releases, alleviating version issues or vulnerabilities.
- 24/7 monitoring: Real-time monitoring accounts for operational and application performance and may be available to you via high-speed internet from anywhere.
- System patching: Automatic application and service pack updates will not interrupt operations. As a result, you have fewer costs, as well as fewer tasks to manage, than with an on-premise server.
- Secure servers: You can use systems that protect you from cybercriminals, malware, and other threats.
Focus on what you do best
“Your concerns about moving to the cloud are valid. Everyone has unique issues. I would encourage you to talk to us and see what we can do for you.”Brian Bobo, Chief Digital Officer, Greenway Health
There aren’t many small practices that can manage security and hardware requirements as well as a cloud service. A cloud-based EHR provider can go above and beyond when it comes to security, with best of breed systems to prevent, detect, and isolate attacks.
“As a small practice, or even a big practice, your business is providing healthcare,” Brian said. “Let us take care of technology so you can focus on providing great care to patients.”
Learn more about EHR cybersecurity with our best practices guide to securing patient data.
Discover more cybersecurity tips in our Knowledge Center
Benefits of a cloud-based EHR vs. server: Which is best?
Moving to a cloud-based EHR? Repurpose your IT Team
Running outdated software? Upgrade your EHR now to boost security
