Tuesday, November 12, 2019

Cybersecurity, Ransomware & Planning Resources

Steven Chies 

Last month, the media reported a data breach involving a ransomware demand made of a hospital system in Alabama that includes a post-acute care facility. The hospital shut down new admissions and transferred patients because it could not access electronic health records. Unfortunately, this is not a single occurrence – data breaches have been occurring at an increasing rate in the past few years. As electronic health records have become a necessary tool for facility operators to function, the loss of access could create serious operational issues for long-term and post-acute providers.

We want to make you aware of this threat and encourage you to access tools and resources to help prevent it from happening.

What can you do?

Facilities should prepare a cybersecurity plan to address these potentially damaging occurrences. The website of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has considerable information on protection, reporting, and other topics to assist your planning.

The agency and other experts in cybersecurity have recommended several basic actions for all health care providers to consider as part of their risk assessment and management responsibility.  They are:

  1. Evaluate the current infrastructure the organization has for electronic health care records and technology.  Create a plan to mitigate any identified risk. 
  2. Have a detailed backup procedure for data and diligently execute the backup systems, preferably off-site.
  3. Train and prepare staff on the risks of cybersecurity, including attempts to socially engineer individual staff with phishing and other email schemes.
  4. Establish immediate processes with personnel in the event of a ransomware attack and/or contract with a third-party vendor.
  5. Consider the purchase of cyber insurance that could assist in a breach.
  6. Report all breaches or attempts to law enforcement (i.e. FBI and Homeland Security).

Additional resources

Here are some additional resources that may help in the cybersecurity planning process:


If there are any questions or concerns regarding this information, please contact research@ahca.org.
