Cyber security: 4 key areas to focus on to keep your SNF’s data safe

What motivates cybercriminals is access to valuable information that can be sold on the black market. As it turns out, medical record data is of the highest value. You may think that the social security number (SSN) or medical record number is all they are after, but that is not the case. Gaining access to insurance information, medication information, and any financial data can provide more return for the criminal than you could imagine. Unfortunately, criminals have been using the COVID19 pandemic as a way to lure unsuspecting users to gain access to this kind of information. Don’t fall victim to common schemes, protect yourself by reading the four things your facility can focus on to stay safe.

Focus on these four areas to keep your SNF safe:

• Operationalize: make cybersecurity part of your business plan

The COVID19 pandemic has forced even more change in business plans and providers see a significant increase in attempted attacks. Cybersecurity may be an oversight, or you may assume the IT team has it covered. However, it’s in your best interest to make sure cybersecurity is called out in your business plan. You must also factor in your third-party vendors and partners and ensure that their policies align with your strategy.

Be sure to assess operational needs using the same methodology as other initiatives: people, process, and technology. The people component may not always be as obvious thanks to new threats emerging from environmental changes. Processes are affected in just about every way, so it is important to look at all processes through the lens of cybersecurity. The most impactful areas for process improvement are those who interact with computers (and other technologies). The threats are also with mobile devices, remote monitoring tools and devices, and any other source where data can be accessed or shared.

• Culture: make education and awareness a priority

To implement an effective cybersecurity strategy, you should ensure the mindset is woven into the culture of the organization. This is especially important since some providers believe that only 50% of their staff take it seriously. If this assumption holds true to your organization, you will want to incorporate cybersecurity as part of your education and awareness plan.

Most providers understand that education is a great investment. For those who have successfully implemented Learning Management Systems (LMS), you have a great start to complement this with education around cybersecurity. Because it is so prevalent, there are many resources and tools available to train your staff. Begin by familiarizing yourself with the key terminology used. This will help you understand the value of the components. Here are some to get you started:

• Malware
• Spyware
• Phishing
• Encryption
• Intrusion detection system (IDS)
• Intrusion prevention system (IPS)

Map out education needs for onboarding, professional training, everyday use of computers, emails, and use of mobile devices. This education does not replace HIPAA training, it is additional (often role-based) education your staff will need. Do your research and make the commitment to invest in education of your staff, they are your greatest asset.

• Become “tech vigilant” by embracing technology

There is a difference between being tech-savvy and tech vigilant. We define tech vigilance as overcoming the vulnerabilities that threatened your business by leveraging technology. It’s a mindset that should be woven into the culture of the organization, starting with the leadership team. So, what does it mean to be tech vigilant?

• Conduct a security assessment for your organization. If outsourcing, be very diligent. Out of hospital providers tend to lag when it comes to cybersecurity best practices, so know that the 3^rd party vendors do not necessarily have the experience either. It is a good idea to get a reference from other industries, like hospitals or banks.
• Know the triple A’s
  • Acknowledge you are vulnerable
  • Anticipate attacks
  • Act with vigilance to secure your business
• Be wise and Invest in useful technologies and in security staff.
• Pay attention to front line defenses such as web and email
• Hold all business associates, 3^rd parties, and partners accountable. Be cautious and know that the C-suite is a primary target in healthcare.
• Do not overlook Internet-enabled medical devices.
• Obtain cyber liability insurance and be sure to stay abreast while planning for the future.

• Transition to a secure care delivery model: cybersecurity affects your outcome

It goes without saying that providing care is the number one priority for facilities. Because the demand for more efficient care has preoccupied the minds of leaders, the adoption of new technology has been incorporated into care models. Cyber threats prevail even more. Leaders in out of hospital care need to think of their care delivery in a different way. Those who understand cybersecurity have transitioned to a secure care model.

A secure care model is a care delivery approach that will account for the role technology will play, but also builds in security protocols without compromising the quality of care. To accomplish that, leaders must understand the technology threats. Some areas that have been enhanced to ensure a secure care delivery are below:

• Use of email and text
• Clinical documentation
• Mobile charting.
• Remote patient monitoring (RPM)
• Telehealth
• Care coordination portals

Learn more about the MatrixCare security program and adopt some of our strategies.

References:

• https://www.hhs.gov/sites/default/files/covid-19-cyber-threats.pdf
• https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html
• https://www.leadingage.org/cast/new-hhs-resource-helps-snfs-increase-cybersecurity
• https://www.leadingage.org/center-aging-services-technologies
• https://www.mcknights.com/marketplace/is-your-long-term-care-cybersecurity-up-to-scratch/