Here’s some good news, of sorts: St. Louis-based Ascension has finally restored access to its electronic health records, more than three weeks after a May 8 ransomware attack.

While the provider is still largely relying on old-school paper records and manual procedures, progress is being made to reinstate its IT systems.

If Ascension’s recent misfortune doesn’t concern you as a long-term care provider, perhaps it should. Cyber criminals just brought a 140-hospital system to its knees. Imagine what they might do to you.

The sad reality is that these attacks are happening with increasing regularity, to providers of every sort. It’s not hard to see why. Given that so many operators have limited resources for cybersecurity, the pickings can be all too easy for those with larceny in their hearts. Data thefts can disrupt caregiving and cause massive financial losses.

There ought to be a law, you say? Yes, there should, or at least new fortifications. What’s on the books is flimsy at best. But these days, Congress is not exactly putting the work habits of the Seven Dwarfs to shame.

Still, that doesn’t mean there’s no help to be had. There is. 

And in the interest of giving credit where it’s due, the Department of Health and Human Services recently revealed 10 tips (mostly of the common-sense variety) that operators can use to protect sensitive information:

1. Establish a security culture: Cultivate a security-conscious organizational ethos with regular staff training and strict policies that raise awareness about potential threats and vulnerabilities.

2. Protect mobile devices: Safeguard laptops and smartphones to protect sensitive data, as these devices pose significant security risks while providing easy access to electronic health records.

3. Maintain good computer habits: Just like maintaining good health, regular updates, patches, and vigilant maintenance practices keep systems robust against possible threats.


4. Use a firewall: Firewalls are critical for preventing unauthorized network access, acting as a barrier to intrusions while anti-virus software handles existing malicious software.

5. Install and maintain anti-virus software: Up-to-date anti-virus software protects computers from a variety of cyber threats.

6. Plan for the unexpected: Have a solid backup and recovery plan to ensure essential health records are not lost during unexpected disasters.

7. Control access to protected health information: Configure your EHR system to grant access only to users with a “need to know,” requiring both username and password for authentication.

8. Use strong passwords and change them regularly: Strong, regularly updated passwords are a vital defense against unauthorized access, deterring attackers and protecting sensitive information.

9. Limit network access: Limit peer-to-peer sharing and instant messaging, and secure wireless networks to protect against unauthorized network access.

10. Control physical access: Secure physical access to devices to prevent significant data breaches due to loss or theft.

By following these tips, long-term care facilities can enhance their cybersecurity measures, ensuring the protection of valuable health information and fostering a safer environment for all residents.

John O’Connor is editorial director for McKnight’s.

Opinions expressed in McKnight’s Long-Term Care News columns are not necessarily those of McKnight’s.