By Chris Walls, Pulse Inc.
Protecting patient data has become as important as protecting patients’ lives in an era of increased cybersecurity threats in healthcare, particularly for physician practices, which are especially vulnerable to attack.
Today, many physician practices subjected to a ransomware attack pay the ransom simply because they can’t afford disruptions in care when patients’ lives are at risk. With a 50 percent increase in healthcare cyberattacks this year, all healthcare organizations are a potential target. But physician practices, especially smaller practices, typically do not have the resources to afford large, complex data storage centers or dedicated IT staff to keep up with installing the latest security updates.
A do-it-yourself approach to IT security is no longer sufficient for physician practices. Instead, a proactive approach to data security should include the following best practices.
Strengthen your cloud capabilities. Cloud technology offers access to the latest security tools and patches, and is an economically affordable approach to cybertheft protection. Seventy-five percent of healthcare providers plan to use cloud technologies within a year, according to a 2017 HIMSS survey. But not all cloud applications are equal. Some offer higher levels of security protection than others.
Practices should keep these key security considerations in mind when investing in a cloud solution:
Invest in a hybrid solution: a part-cloud, part-on-premise approach. Some legacy systems do not lend themselves to a cloud approach as well as others. A recent survey of IT decision makers found 91 percent believe their organization’s cloud capabilities are limited by legacy network infrastructure, which limits their ability to leverage cloud applications’ full potential. Additionally, some cloud solutions are less economical than others, and it may not be financially feasible for a physician practice to move all its data and software applications to the cloud.
When deciding which applications should be cloud-based, physician practices must weigh the benefits according to three factors:
Conduct a security risk assessment to determine your practice’s greatest security vulnerabilities, and determine your approach based on the findings. This is a significant step in a heightened-risk environment. A large physician practice may be able to conduct a risk assessment using its IT staff and online risk-assessment tools from HIMSS or the Office of the National Coordinator for Health IT as a guide. Small practices should hire a security services provider to make this assessment. It’s important to conduct an IT security risk assessment once a year.
Additionally, reach out to the vendors you currently use and ask them to make an assessment for free. This feedback could supplement a paid assessment while providing a relationship-building opportunity for the vendor. Recommendations from a trusted vendor could then inform your organization’s approach.
Protecting Your Practice—And Your Patients
In an era where the value of medical data makes physician practices an easy target for cyberthieves, physicians can’t leave their IT security to chance. It’s no longer enough to hire a single IT resource to manage protection of patient data. The number of new threats continually emerging means everyone in the organization—from practice leaders to front-desk staff—must be empowered to protect their data from attack.
Ask the IT vendors you partner with for tips on best practices and suggestions on better protecting IT systems, the inside of your facility and your external perimeter from attack. Vendors visit multiple healthcare organizations each month and will have their finger on the pulse of emerging threats and best practices for protecting your organization’s data. Be open to evolving your approach as the environment changes. Staying nimble will better position your practice to respond with agility when new threats call for quick response.
About The Author
Chris Walls is President and CEO of Pulse.