Posts Tagged: cybersecurity

Healthcare Ransomware Attacks Cost Industry $21B in 2020

Posted March 9, 2021 by Beth Osborne & filed under Healthcare.

Healthcare ransomware attacks had a significant impact in 2020. New data reveals that the cost to the industry was nearly $21 billion. The 2020 numbers were the highest in the past five years. The pandemic was a catalyst for this increase. Let’s look at the why and how that delivered this unfortunate rise.

Ransomware in Healthcare Sees 470% Increase over 2019

In a report from Comparitech, the company aggregated data regarding healthcare ransomware attacks. They found 92 separate incidents, impacting over 600 clinics, hospitals, and organizations and over 18 million patient records.

One of the most prolific was the Blackbaud, a cloud software provider. This specific ransomware issue affected over 100 healthcare organizations and over 12 million patient records.

Tracking down every ransomware attack is challenging because HHS (U.S. Department of Health Services) only reports them if they impact more than 500 people. The report included those along with others that researchers were able to assess.

Downtime Was a Consequence

Downtime for any organization is costly in so many ways. When healthcare organizations don’t have sufficient business continuity or data backups, downtime risk becomes greater. The report discerned that downtime ranged significantly, affecting those with less frequent backups or paper-only systems. One healthcare entity lost its records after a ransomware attack.

In the company’s analysis, they hypothesize that ransomware caused 1,669 days of downtime for the industry. That’s over 40,000 hours!

Ransoms Varied and Some Organizations Paid Them

The gist of ransomware attacks is that cyber criminals request a ransom to give you back your data. They do this by stealing the data, copy it, and encrypt the data to prevent access.

Those amounts varied between $300,000 and $1.14 million. Some organizations paid it. In the Blackbaud incident, organizations paid out at least $2,112,744 to attackers.

Why Is the Healthcare Industry Vulnerable to Cyberattacks?

Unfortunately, healthcare is an easy target. The industry has highly sensitive data and can’t afford to have any downtime. While those attributes make it attractive to hackers, cybersecurity efforts in the industry aren’t at the same pace as others.

Some of the biggest challenges include outdated infrastructure, antiquated cybersecurity practices, on-premises systems, and failure to backup files. Risk rises when you use legacy systems to store patient files that are no longer updated or supported. Legacy systems have been a cause of cybersecurity incidents for some time. To mitigate this risk, you should consider archiving data to a secure, compliant repository so that you can decommission legacy systems for good.

Proactive Initiatives to Mitigate Healthcare Ransomware Attacks

In addition to moving away from legacy systems, healthcare organizations should also embrace the cloud. It’s more secure and flexible. They should also educate and train employees on best practices for cybersecurity. These sessions should be ongoing. With some healthcare workers still remote, this training should include securely working from home.

Additionally, healthcare entities should ensure that all their vendors follow best practices with their data. Third parties can be a back door for hackers. If a provider converts, migrates, shares, or archives your data, ensure they use the most advanced encryption and other proactive measures.

InfoWerks Takes Data Security Seriously

As a partner to healthcare, we take data security seriously. We have a high level of cybersecurity measures in place. All our processes and services support HIPAA and HITRUST compliance, as well. We’ve never had a breach in our company’s history. Learn more about data security protocols and HIPAA compliance requirements.

2021 Healthcare IT Trends: A Look Ahead

Posted December 30, 2020 by Beth Osborne & filed under Healthcare.

2020 will go down as one of the most disruptive years ever. The world of healthcare was upended by the pandemic, exposing many weaknesses in the healthcare IT ecosystem. The issues around interoperability were always present, and the year began with HHS and CMS attempting to solve them with the new interoperability rule. With 2020 in hindsight, what 2021 healthcare IT trends can the industry expect?

Digital Transformation Accelerates Even Faster

COVID-19 fast-tracked digital transformation for many healthcare systems and hospitals. Telehealth adoption soared as well as remote work. The new demands of a world where people needed to stay home accelerated the need to embrace healthcare digitization.

The transformation isn’t over. There are still many challenges that healthcare organizations face—bandwidth, regulations, costs, and more. However, in 2021, the role of healthcare IT and CIOs will continue to evolve and expand to achieve digital transformation.

Cybersecurity Threats Persist

Ransomware was the leading cybersecurity threat for healthcare in 2020. In October, six hospitals were hit in one day. The consequences of the ransomware shutdown systems and caused operational issues. These incidents and others uncovered vulnerabilities around redundancy and monitoring.

In 2021, healthcare IT leaders will need to improve their cybersecurity posture with a proactive approach. The thinking must move from “if” to “when.” A possible response to this 2021 IT healthcare trend is to leverage new tools like AI to thwart cyber-attacks. Additionally, organizations will need to rethink business continuity practices so that they never lose their data.

Telemedicine Will Become the Norm

Telemedicine had not taken off until it became mandatory. The move also meant that CMS expanded coverage to 85 new services for telehealth. That move made telemedicine more accessible, yet challenges remain. These include lack of broadband internet, interoperability, and integration.

Look for providers and telehealth platforms to work on these issues to perfect the model. Patients will also have a higher demand for the services, especially those with chronic conditions. The industry could see a hybrid care model for patients, limiting in-person appointments, and shifting to telehealth when possible for convenience. Finally, telehealth could encourage more people to keep up with regular visits since they can do so from the comfort of their homes.

EHRs Evolve to Meet New Demands

EHRs have been around for over two decades. They seem to be in a constant stage of reiteration. Both the interoperability rule and the pandemic made these iterations more rapid. In the new year, EHR giants will capitalize on even more technology advances, such as integrating virtual assistants, using AI, and moving toward easy, secure data exchanges.

Big Data Management Becomes More Prominent

Managing healthcare big data isn’t a new trend, but after 2020, it’s a bigger priority for healthcare providers and payers. Looking at healthcare data related to COVID-19, it’s very clear to see the mismanagement of it. The need, moving forward, is for centralization, security, and management. In response, Microsoft, Amazon, and Google all have healthcare-specific clouds.

By using AI engines and advanced technology, big data can deliver insights that lead to better decision-making and care delivery for the greater public and on an individual basis. Right now, the data is more reactive. Where the industry needs to move to is delivering predictive analytics.

The Patient Experience

The interoperability rule, as well as proposed HIPAA changes, emphasize the patient experience. It’s about giving them better and easier access to their patient records. The objective is to transition to value-based care and motivate consumers to be more involved in their health. These drivers will lead to more consumer-friendly apps where patients can view records, make appointments, communicate with clinicians, and more.

The industry could see partnerships with big tech to make this possible. In October, Google launched a healthcare interoperability readiness program to assist healthcare organizations with compliance with the rule and deliver better experiences.

2021 Healthcare IT Trends: What’s on Your Radar?

As you prepare for 2021, what healthcare IT trends are on your radar? Do you have concerns around interoperability, big data, compliance, or redundancy? InfoWerks can likely help—we’re experts in healthcare data management. Explore all we can do for you.

Is Your Patient Data Archive Safe?

Posted June 18, 2020 by Beth Osborne & filed under Healthcare.

Keeping patient data safe and accessible is critical for every healthcare organization. Problems often occur when you keep a legacy system running to store your patient data archive. It seems like an innocuous decision. But as many have learned too late, it heightens the risk of a cyberattack.

Colorado Hospital Loses Records After Ransomware Attack

This scenario played out for a Colorado hospital. A ransomware attack wiped out over five years of patient medical records.

The incident was specific to their legacy EHR. It didn’t infect the EHR database bur rather the proprietary software required to read those records.

The hospital announced the breach to its patients and its new protocols on security. They were able to recover some files via backups. Other records remain lost at the time.

This story illustrates the threat of legacy systems. The consequences include the breach, which could mean exposure of personal information. In addition, the loss of records may impact continuity of care.

What’s Wrong with Legacy Systems?

It’s common practice for entities to keep legacy systems running as a means of storage. Medical record retention laws define how long you need to preserve certain records. To make it “easier” during a data conversion, many opt not to migrate all data.

Converting all data when you switch to a new health information system (HIS) is understandable. Why drag old files to a new system? Except, depending on a legacy system as a secure custodian of records leaves you open to cyberattacks.

If you don’t continue to update and maintain legacy systems, there will eventually be cracks. Cybercriminals only need a slight one to find a way to penetrate.

On top of the security risk, legacy systems are expensive and hard to navigate. It’s not an ideal solution. Many believe it’s the only one.

There’s a Better Way to Archive Patient Data

To avoid a ransomware attack and data breach, you should know two things.

First, you need to ditch your legacy system. Instead, you should seek a medical record archiving application. With a web-based system, it’s accessible from any browser. Such a tool should follow all compliance mandates. It should also be easy to use.

With this transaction viewing solution, you can search and filter. It provides a way to run reports for audits or record requests. Further, it must use advanced information security protocols like encryption.

Second, you need to have a third-party, cloud-based backup of historical data. The hospital, in question, does remark there was a partial recovery via backups. However, the story suggests its backup policies may not have been consistent.

Backup shouldn’t be something you have to worry about. It should be part of your archiving solution. Anybody can offer you a backup product. Scrutinize your options, asking things like:

Does the cloud storage use encryption?
Does the data center undergo regular risk assessments?
What is the uptime average?
Does the data center meet certain certifications? (HIPAA, HITRUST, SOC 1, 2, & 3, etc.)

Ensure the Security of Your Patient Data Archive with ViewMaster

ViewMaster, our proprietary transaction tool, makes archiving simple. Its intuitive design means it’s user-friendly, so you can find what you need fast.

Unlike legacy systems, ViewMaster doesn’t have maintenance fees. It’s a platform that helps you meet record retention requirements and is completely secure. Plus, it comes with offsite backup in the cloud.

It solves all the problems of traditional patient archives. We invite you to see how it. Watch the video and request a five-minute demo today.