Introduction
The purpose of this point paper is to explain the importance of implementing cybersecurity strategies for healthcare organizations that currently adopt information technologies based on the case of ransomware attacks. Our intention is to sell the technological tools for telemedicine services, as well as provide guidance on the ways of managing electronic medical records (EMR).
Background
In recent years, there was a notable evolution in the successful adoption of information technologies by healthcare organizations. The most evident examples include successful transition towards providing healthcare services using telemedicine tools, effective implementation of the electronic records management strategies in hospitals, as well as remote patient-centered care practices (Jalali & Kaiser, 2018). However, with the proliferation of IT in healthcare, the industry became a target for purposeful cyberattacks aimed at retrieving financial and personal data given its people-oriented area of services. Specifically, it relates to the risk of patients or healthcare practitioners being extorted to providing information related to credit card accounts or personal data using ransomware attacks. Since the use of IT security in a healthcare environment is a comparatively new effort, it is required to propose and implement a specific strategy to protect patients and hospital staff from the aforementioned threat.
Problem Statement
The need for remote healthcare services has been recognized for a long among healthcare workers. Specifically, it was acknowledged as a solution for providing nursing care for elderly patients and outpatients pursuing treatment at home locations. However, following the common network authentication practices, remote communication requires creating user accounts and logging into the network, which might be insecure. Vulnerable networks are exploited by cyberterrorists to retrieve unprotected data and initiate ransomware attacks that ask users to pay a ransom before continuing virtual communication, further blocking user panel access before the payment is transferred (Dameff et al., 2019). The elderly patients not familiar with current cyber threats might be easily tricked to accept such requests, which will result in unsolicited access to their credit cards. Alternatively, hospital staff not trained in security management might be tempted to resolve such issues through an operating system reboot, which eventually helps intruders to access the internal hospital network and modify medical records. Hence, the purpose is to provide a secure and reliable solution for the patients through hospital network optimization, 24/7 technical support, and user training.
Potential Solutions
The following solutions were identified as the potential ways to resist ransomware attacks in a healthcare environment by Divinity IT:
- Regardless of the size of a healthcare facility, there should be a local authority responsible for cybersecurity management, who provides audit and suggests guidelines for network protection improvements (a Divinity IT representative).
- All software used for telemedicine conferences, EMR management, and related online activities should be trustworthy and firewall-protected. Frequent security updates and alert notifications should be aligned with software providers verified by Divinity IT.
- Patients should be instructed with the guidelines for remote telemedicine participation and trained on identifying potential ransomware attacks. For the elderly patients, this responsibility should be assigned either to responsible nurse practitioners or family caregivers.
Recommendations
Since the type and cause of ransomware attacks could be unpredictable with the increasing complexity of cyberterrorism efforts, it is also recommended to maintain the following precautions. First, healthcare staff should consult with the assigned Divinity IT security specialist regarding the problem that seems like a ransomware attack before performing any actions individually. It might eventually prevent the severity of the attack if one is already initiated. Second, it is important to train patients and caregivers regarding the unusual message prompt or pop-up windows showing up before or during the conversation, eventually asking to stop the meeting and cross-check the risks of an attack. Third, it is recommended to use the latest security protection software, which will be certainly supplied by Divinity IT to the staff while not surely available for the patients. Finally, any unusual intermediate activities related to EMR management should be reported to cybersecurity specialists by filling in and submitting the incident report form.
References
Dameff, C., Pfeffer, M.A., & Longhurst, C.A. (2019). Cybersecurity implications for hospital quality. Health Services Research, 54(5), 969-970. Web.
Jalali, M.S., & Kaiser, J.P. (2018). Cybersecurity in hospitals: A systematic, organizational perspective. Journal of Medical Internet Research, 20(5), e10059. Web.