It’s Time To Step Up EHR Security To Prevent Data Breaches and Ransomware

Brian Bobo

By Brian Bobo, chief digital officer, Greenway Health.

Healthcare ransomware attacks have become more common in recent years, and in many cases, caused considerable damage. At least 148 U.S. healthcare organizations fell victim to a ransomware attack in 2021, the most attacked industry, according to a March 2022 HIPAA Journal report.

With increasing threats from overseas, growing cybercriminal organizations, and the COVID-19 pandemic, it’s no surprise a sharp rise in breaches and healthcare ransomware attacks has occurred across the healthcare ecosystem.

As the situation grows more volatile, it’s vital to understand why threats like breaches and healthcare ransomware attacks exist and ways ambulatory practices can work to reduce cybersecurity risks.

The Most Valuable Record

It’s not just because the patient health information (PHI) the record contains that makes it valuable to cybercriminals, but the other information that accompanies PHI, such as addresses, birth dates, social security numbers, and even more obscure data such as insurance policy numbers, all of which someone can use to impersonate patients and commit identity theft.

With this stolen information, a cybercriminal can more easily steal someone’s identity because they now know important information no one else does. It’s what makes health records so valuable — not always the record itself, but what can be done with the information.

The average healthcare industry breach is so expensive because of the costs of remediation, recovery legal actions, and regulatory fines. In 2021, the average cost of a healthcare breach was $9.23 million, up 29.5% from $7.13 million the previous year, according to IBM Cost of a Data Breach Report 2021.

Taking it a step further, by failing to keep patient records private, an ambulatory practice could face substantial penalties under HIPAA’s Privacy and Security Rules, cause potential harm to its reputation, and patient safety can be severely impacted. A hacker’s access to private patient data not only opens the door to steal information but they can possibly even alter the data — severely impacting patient health and outcomes.

It’s Time to be Vigilant About EHR Cybersecurity

In an era of rising global conflict, it’s time to take threats seriously. Here are a few simple starting steps your practice can take to prepare:

Ambulatory practices with limited infrastructure and IT teams concerned about security should also consider moving from their on-premise servers to a cloud-based solution.

Practices with an on-premise server have the responsibility to always monitor, update, and patch against potential threats within their own systems. They must consider the necessary investment in security, as well as what it will take to make sure everything is up and running — a cost easily avoidable in the cloud.

Here are a few additional benefits of the cloud:

Protecting ambulatory practices against cyber threats is not an easy job in today’s climate. Small and medium-sized practices often lack the capability to protect themselves against new cyber criminals and tactics. That’s why it’s important to make strategic investments and undertake specific basic measures, ensuring a stronger defense.


Write a Comment

Your email address will not be published. Required fields are marked *