“Does your hospice need to invest in cybersecurity training?” If your hospice service clients are honest, nearly all of them will answer that question with a resounding “Yes.” That investment is likely to include both time and money. Your clients have already taken one essential step with healthcare cybersecurity insurance. To help these clients avoid a claim, it is vital to understand the cybersecurity landscape for hospice providers.
Phishing Still Works
Phishing, luring a victim into disclosing sensitive information with a disguised email, remains an effective tool for cyber predators. In the spring of 2019, an intruder gained access to Midwest provider St. Croix Hospice for 18 days. A forensic investigation revealed an alarming exposure of patient data:
- Name, address, and Social Security number
- Financial information
- Health insurance details
- Medical history and treatment protocols
Several email accounts were compromised, so this intrusion was more than a single lapse from one hospice employee. The social engineering skills of modern cyber predators enable them to simulate legitimate emails down to logos and plausible sender names. Hospice workers are often pressed for time in a typical workday, so they are ideal targets for this scheme. Any effective cybersecurity training regime must include an up-to-date review of the latest phishing tactics.
Telehealth Opens Avenues of Attack
The 2020 response to the COVID-19 pandemic accelerated the move to telehealth solutions for home hospice service. Telehealth can include transmission of vital signs, video conferences with physicians, or anything in between. The common factor is the transfer of sensitive patient information. Preconfigured devices that use the cellular network are highly secure.
Problems begin when telehealth requires the internet. Virtual private network software adds a high level of security and is especially effective when installed on the router in a patient’s home. Multifactor identification with a hardware key can trump cyber predators’ password theft schemes. The newest generation of hardware keys can accept a thumbprint, eliminating password management headaches for patients. In the telehealth era, cybersecurity training must include aiding patients’ families in proper home network configuration.
Cybersecurity Is Patient Care
Healthcare professionals of all stripes are constantly training to keep up with advancements in their fields, and adding cybersecurity to that burden requires a careful approach. Teaching security has a laundry list of rules or arcane device configurations guarantees that caregivers’ eyes will glaze over. Data breaches can pose catastrophic dangers for patients, and that is why healthcare workers need cybersecurity training. Sound cyber practices are now as much a part of healthcare as checking vitals or administering medications. A passion for patient wellbeing drives hospice workers to push through the long hours and recognize that motivation is the foundation of a successful cyber training program.
Hospice caregivers take on a task most people would shun. The assistance you provide with healthcare cybersecurity risk management can help these clients fulfill their mission.
