- September 4, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Healthcare, Managed Detection and Response
2020 has certainly been risky, but leaving patient-facing devices and apps unprotected might be riskier. COVID-19 has singlehandedly changed the way providers and patients interact, yet their data has remained just as valuable. Couple that with the fact that the Department of Health and Human Services’ Office for Civil Rights announced in March that it will not impose penalties for noncompliance with HIPAA regulations against providers leveraging telehealth platforms,1 and you have a cybercriminal’s dream come true. Without security measures in place to protect patient safety as well as patient privacy, patients’ data and information remain vulnerable.
The healthcare community does have a little breathing room since some of the major cyber attackers have vowed not to attack the industry during the pandemic. In fact, one notorious group called DoppelPaymer stated that “If we do it by mistake, we’ll decrypt for free.”2 However, the healthcare community should not become complacent as a result of this uncommon courtesy. Remember, those are major players in the hacking community, and they certainly do not speak for smaller or independent groups.
Because of the change in interactions between patients and providers, telemed platforms have seen a major boom in users. On one hand, the healthcare industry has had the opportunity to get in front of the telemed movement for years now. The FDA, HIPAA, HITRUST and many other Acts and Agencies have regulations in place to ensure patient safety, but not patient privacy. The reason is that a large majority of those regulations relate to the medical devices themselves (laptops, servers, and cloud devices) but do not extend to patient-facing apps or devices (telemed platforms and other portals). On the other hand, no one could have predicted the unprecedented societal change we have endured.
An idea from 2014, found in an article in the American Medical Association Journal of Ethics, still resonates today, if not more than it did in 2014. The idea, in short, is that unsecured patient data creates a huge disparity in the quality of care available to different socio-economic classes. Chronically ill patients are more likely to accept privacy risks when they perceive that the health benefits of using telehealth systems outweigh the risks involved in sharing their information.3 The use of technology isn’t supposed to inadvertently create disparities in the quality of care a patient receives based on their ability to ‘afford protection.’ And it is not the provider’s job to deliver both care and cybersecurity. So where is the middle ground? Outsourcing. If the healthcare community is already adopting cybersecurity measures, finding the right solution could kill two birds with one stone.
Fortunately, solving this disparity should not take a strenuous amount of effort. At Steel Patriot Partners, our solution does just that. Unlike traditional MSPs (managed security providers) or MSSPs (managed security service providers), whose high costs do not guarantee a high level of security, our solution is rapidly deployable (in about 15 minutes), intuitive, and highly scalable, covering everything from the medical devices themselves to the personal devices used by executives and clinicians. This means that there is no disruption to daily operations, the interface is simple and easy to use, and as your company grows, all it takes is a phone call to adjust the number of new devices you need protected.
Healthcare will continuously adapt and evolve, and so too will the technology that is employed to assist providers in their efforts. Cybercriminals will continuously do the same in direct correlation. So, if your organization is ahead of cybercriminals, the fear of the future will be a thing of the past. The evolution and adoption of new technology will be just as exciting as it was when you got a new toy on Christmas, without a worry in the world about all the bad things that could happen. By outsourcing and deploying a security solution like the one Steel Patriot Partners provides, patient safety and patient privacy go hand in hand.
If anything in this article caught your attention, please do not hesitate to reach out to us! We are real people, providing real solutions, to a real problem. Cybersecurity is our profession. Creating partnerships by way of education and empowerment is our passion. For more information regarding anything cybersecurity and healthcare, simply give us a follow on social media (Facebook, Twitter, LinkedIn), send us an email, give us a call at 703-297-4405 or contact us directly! Regardless of the method you choose, we look forward to hearing from you and, as always, we appreciate you taking the time to read this content! Stay blessed and stay secure!