The pMD Blog


Cybersecurity in Health Care: What We Know and Why It’s Important

What do you think of when you hear the word "cybersecurity"? If you’re anything like me, then this word can lead to a feeling of anxiety as headlines from the recent Equifax breach or the WannaCry attack flash across your mind. While cybersecurity can be an intimidating endeavor, take comfort in knowing that there are some straightforward steps that can be taken to strengthen cybersecurity in any industry. Before tackling preventative measures, however, we need to discuss what cybersecurity encompasses and its connection to health care.

What is cybersecurity?


Cybersecurity is "the body of technologies, processes, and practices designed to protect networks, computers, and data from attack, damage, and unauthorized access". This may seem like a lengthy definition, but it does cover all the aspects of cybersecurity and, more importantly, it highlights that cybersecurity is NOT just technology. Often, cybersecurity processes are more important than the technology itself in fending off malicious attackers.

Why is cybersecurity important in health care?


According to KPMG’s Cyber Healthcare & Life Sciences survey, 47% of health care providers reported instances of HIPAA violations or cyber attacks this year, rising 10% from the 2015 report. This number is only compounded by the increasing prevalence of connected devices, or the “Internet of Things,” which has contributed to the growth of new exploits that take advantage of lower security thresholds on these seemingly limited devices.

HIPAA’s Security Rule addresses some of the concerns that stem from having extremely valuable personal health information open to potential attacks by providing “a framework for managing risk.” The rule covers administrative safeguards, which include performing risk analysis, designating security credentials, and training employees. It also details physical safeguards, which include everything from locks on doors, to password-protected workstations, to actual security guards. Finally, it discusses technical safeguards, the part you would more likely think of when you hear the word “cybersecurity,” which include things like access control and transmission security. While this framework gives broad suggestions on how to avoid potential security breaches, it doesn’t dive deep into specific suggestions, which begs the question:

What can we do to ensure our patients' health information is safe?


1. Stay up to date on industry trends and cybersecurity threats

One great resource to remain up to date is the HIMSS Cross-Sector Cyber Security reports. These reports are released frequently and include updates on attacks and vulnerabilities across health care and other industries.

2. Update systems regularly

A core lesson from the WannaCry attacks: updating software systems regularly, and utilizing cloud-based systems (like pMD!) when possible to avoid running outdated versions of software, can help ensure that known vulnerabilities are not left exposed.

3. Be wary of potentially harmful links

Spam email remains one of the top ways malware spreads throughout networks. Being vigilant about the links you click on and where you enter sensitive data is an easy way to avoid falling victim to phishing attacks.

4. Plan your response

If you do experience an attack, a response plan can help prevent exacerbating the situation through mismanagement. Coordinated response efforts are key to minimizing the impact of any attack, and the plan should include addressing the root of the problem, not just the effects.

From employee training, to processes for handling sensitive patient data and reacting in the event of a violation, to technical specifications, one thing is clear: cybersecurity is a team effort.

If you have any questions about today’s blog post or would like to find out more about pMD's suite of products, which includes our MIPS registry, charge capture, secure messaging, and care coordination software and services, please contact pMD.

More Resources:
http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf
http://www.healthcareitnews.com/news/healthcare-organizations-are-underestimating-cybersecurity-risks

 

 