Healthcare facilities are continually battling conflicting priorities. Customers demand that hospitals deliver high-quality patient care while ensuring patient safety, meeting regulatory demands, and maintaining facility security.
And they expect them to do it – with stretched resources. Treating patients is far from the only concern that hospitals are facing today.
Threats in the hospital
Medical facilities are also dealing with ever-growing threats to patients (physical and otherwise) as well as their information. With data and technology now an integral part of healthcare, cyber attacks occur more often than threats of physical violence to patients and staff. But hospitals must be prepared to deal with both.
Patients are more concerned than ever about their personal data security. A report from TRUSTe and the National Cybersecurity Alliance showed that while 74% of consumers trust their information with healthcare providers, up to 90% of them worry about their privacy online and the risks that come with disclosing personal information.
Let’s have a look at some of the threats that hospitals face and how they are moving to protect patients, staff and their valuable data
Hospitals are vulnerable to violence and crime from and directed towards visitors, patients, and occasionally their own staff members. Some of the top physical security issues that hospitals face today include:
- Abuse and battery towards hospital staff – This is the most common type of abuse that occurs in hospitals, with 80% of serious violent incidents reported caused by interactions between patients and medical staff.
- Active assailant attacks – Hospitals also face the risk of active assailant attacks that pose a threat to the life of patients, medical staff and visitors. Between the year 2000 and 2015, there were a reported 241 hospital shootings, according to researchers at Brown University.
- Infant abductions – The National Center for Missing and Exploited children notes that 135 cases of infant abductions from healthcare facilities occurred between 1965 and 2017. The majority of these (79%) happened in the mother’s hospital room.
- Property and Supplies Theft – Medical supplies, food, drugs, and equipment are part of the list of items stolen from hospitals by staff, patients and even visitors. The result is often costly for medical facilities. Hospital theft is often a great indication of a vulnerable security system.
Considering that healthcare facilities are often open 24/7, ensuring hospital security must be a priority. The answer to these physical threats lies in understanding the internal and external threats that they could potentially face. This plays a critical step in helping them improve security measures and systems across the facility to ensure everyone’s safety and smooth operations.
Steps hospitals can take to help ensure physical safety
Hospitals must, at a minimum, do the following:
- Invest in professional security camera systems with remote viewing capabilities
- Equip their security staff with the latest in security devices like two-way radios for easy communication
- Train their staff to handle physical threats
- Add ID card security clearance systems for all medical staff, patients, and visitors coming in and out of the facility
Data breaches are a top developing threat
The healthcare industry has quickly embraced electronic records and data tracking innovations to make it easier and faster for consultants, vendors, and third-parties to access patient information efficiently. Unfortunately, this has created new patient privacy and data loss concerns.
Data breaches and network disruptions are the top concern for healthcare facilities today, as they can easily jeopardize security, operations, financial stability, and reputation.
A look at some of the biggest healthcare data breaches of 2018 will show you how serious this issue has become. For instance, UnityPoint Health had 1.4 million patient records breached through a phishing attack. It was the largest biggest healthcare data breach in the U.S. in 2018.
Cybercriminals are becoming more sophisticated.
Steps hospitals can take to protect data
To protect patients and their information against the ever-growing threat of data breaches, hospitals must be ready to embrace the latest data privacy regulations and be aware of the threats that data storage and access to healthcare systems pose.
Here’s what hospitals should do to ensure better data security and improve overall IT security:
- Conduct a risk assessment of IT systems
- Provide continuing education about HIPAA regulations to all hospital staff
- Monitor all electronic devices and records across the facility
- Encrypt patient data and hardware used to access the data
- Create sub-networks for more sensitive patient information
- Manage identity and access more strictly in healthcare systems
- Develop a strict BYOD policy to prevent internal data breaches
- Scrutinize service-level medical agreements carefully when moving data to the cloud
- Establishing an organizational-wide policy of open communication and transparency
- Hold top executives accountable for IT security policies
- Establish a reliable legal counsel (in the event of a data breach)
Why cybersecurity matters for hospitals
With growing threats like ransomware and malware, cloud threats, misleading websites, phishing attacks, insider threats from employees, encryption blind spots, and vulnerabilities in IoT medical devices, it’s easy to see why cybersecurity matters for healthcare facilities.
Data breaches can cause huge financial losses, cost hospitals their reputation and lead to heavy penalties for non-compliance.
The frequency of cyber attacks is increasing every day – it’s no longer a matter of “if” but “when” they’ll happen to your facility. To protect patients and their information, hospitals need to embrace cybersecurity best practices.
Cybersecurity best practices
These practices include:
- Establishing a strong security culture across the organizational structure
- Protecting all mobile devices that access sensitive patent information
- Planning for the unexpected, such as having backups of all information
- Having a firewall and investing in the best antivirus software
- Using strong passwords and embracing options like two-factor authentication
- Limiting network access to authorized personnel only
- Controlling physical access through surveillance monitoring
- Having a skilled cybersecurity team and the resources they need in place
- Staying up-to-date with evolving cybersecurity threats
- Investment in detection and mitigation tools to protect against unknown threats
The bottom line
Healthcare facilities continually face both physical and cyber threats even as they gather and store more patient data than ever before. Hospitals must be prepared to protect both patients and their information.
The truth is, most healthcare facilities are not keeping up with the latest security standards and infrastructure. Despite the industry promising a lot in terms of innovative technology, medical advances, telemedicine, healthcare apps, and AI-driven diagnosis, we still have a long way to go to boost patient confidence in health facilities and the way they handle both safety and privacy.
By ensuring more transparency when handling patient data, communicating security measures to patients, establishing strict behavioral policies for all personnel, emphasizing on employee education, and developing data security and breach response policies, hospitals can be better equipped to deal with any threats, and ultimately protect patients and their information.
It’s a lot to do, but it must be done.