Cybersecurity is one of the most prominent issues facing the healthcare industry today. According to the 2018 HIMSS Cybersecurity Survey, 76 percent of respondents say that their organizations experienced a significant security incident within the last 12 months.
A notable factor in the industry’s vulnerability is that many organizations — particularly smaller ones — lack the resources to build and deploy appropriate protections. To that end, senior care facilities are at an even greater risk than traditional healthcare organizations, as the former industry is less mature than the latter when it comes to security, according to a white paper published in December by the LeadingAge Center for Aging Services Technologies (CAST).
What’s more, older adults are some of the most susceptible individuals when it comes to online scams and attacks, according to Home Instead Care. With that in mind, what steps can senior care leaders take to keep pace with looming digital security threats?
Know How the Law Applies to Your Organization
Knowledge of the regulatory environment and is a good place to start for administrators. Senior care organizations must meet HIPAA compliance in the use, storage and dissemination of protected health information, meaning it behooves all leadership and staff to be well versed in the law, as well as any idiosyncrasies particular to the industry. At the Long-Term and Post-Acute Care Symposium at HIMSS 2018 in Las Vegas in March, MatrixCare Chief Transformation Officer Larry Wolf discussed some of the specific hurdles senior care organizations face regarding compliance.
“In some ways, the industry is held to more standards in terms of cybersecurity than others because we have people living in our care settings as residents,” Wolf said. “As residents, they have rights to privacy and to be treated with respect. Those things ought to drive how an organization thinks about privacy.”
In addition, he said, the senior care industry comprises many smaller organizations with a lot more outsourced technology.
Share Threat Information and Best Practices
It’s worth noting, however, that HIPAA compliance doesn’t necessarily equate to safety from hackers or inside threats; rather, it means an organization has taken precautions as stipulated by federal regulations.
Therefore, administrators not only must take typical steps to protect themselves — installation of firewalls and antivirus programs, and encryption of sensitive information — but they also should be willing to work with other organizations in the industry to share information and best practices pertaining to potential and looming threats.
Organizations also should make it a priority to educate their residents on cybersecurity. The more information seniors themselves have at their disposal, the better armed they’ll be in the event of a hack attack attempt.
“This is not a competitive advantage; we are all at risk,” Wolf said. “We all have to work together. The competitor down the street is your ally.”
Hackers tend to target entities that don’t have the proper safeguards in place. With a comprehensive plan in place and an open mind, a senior care organization can lower its digital security risk and potentially help others in the industry.