New York Senator Chuck Schumer recently sent a letter to the Centers for Medicare & Medicaid Services after a massive cyber-attack against Change Healthcare, one of the largest healthcare companies in the US.
The attack negatively impacted hospitals, pharmacies, and providers across the nation, leaving them unable to process insurance claims, prescriptions, payroll and more. Change Healthcare is a subsidiary of UnitedHealth Group, responsible for over 100 suspended healthcare services including:
- Insurance claims
- Billing patients
- Prescription orders/fills
- Receiving electronic payments
- Insurance coverage eligibility checks
Relief Payments to Lessen Financial Burden of Medical Cyber Attack
As a part of his letter to the Centers for Medicare & Medicaid Services, Senator Schumer urged the administration to act and “minimize the cascading consequences of this attack and ensure the continued delivery of lifesaving patient care services in communities across New York State.”
Some hospitals face a “financial cliff” of insolvency due to the losses resulting from this attack, as they are nearing the point where they cannot operate with just the money they have on hand. The senator is pushing CMS to offer payments through the Accelerated and Advance Payment Program. This program is designed to allow CMS to make advance payments to providers before receiving insurance claims from them to alleviate the burden.
What Does This Mean for the Healthcare Industry?
The crippling effects of this attack were widespread and harmed overall patient care for all involved providers. On top of this, there are now countless cascading issues resulting from unprocessed or unpaid insurance claims, prescription errors, and more.
Schumer mentioned that this attack emphasizes the need for comprehensive and competent cybersecurity measures to prevent future attacks. Although it can seem overwhelming to keep up with advanced and growing cyber threats to the healthcare industry, there are steps you can take to practice proactive cybersecurity.
What Steps Can You Take to Mitigate Cyber Attacks on Hospitals and Providers?
Proactive measures can help drastically reduce your risk of falling victim to cyber-attacks. Healthcare businesses are at heightened risk for cyber-attacks, since hackers will target victims that deal with sensitive or protected information.
1. Healthcare Printer Security
One major consideration any healthcare provider should consider is endpoint security. “Endpoints” refer to all devices that connect to your business network. With so many new smart devices in healthcare, hackers can commandeer vulnerable devices to gain a foothold in your network.
Some endpoints to focus on are your business’s printers/multi-functional printers (MFPs). Devices must be updated regularly with the latest software patches designed to keep hackers out. If your printer fleet is outdated, your devices may be incompatible with manufacturer updates. If this is the case, investing in a new fleet could drastically decrease your chances of being hacked via your printers.
To read more about printer security and how a lack of cybersecurity measures can endanger healthcare businesses, check out our blog: Healthcare Data Breaches: Does Your Printer Put You At Risk?
2. HIPAA Compliance Through Secure Collaboration Tools
Especially since many providers now offer telehealth services, it's crucial to find a secure collaboration platform to protect sensitive information. Cloud collaboration tools such as Microsoft Teams offer features that users can configure for HIPAA compliance. Some key details to consider for HIPAA compliance while using the cloud include:
- Data access controls
- Data loss prevention
- Meeting security
- Audit logs to track access and administrative changes
To read more about how to use Microsoft Teams according to HIPAA requirements, read our blog: Is Microsoft Teams HIPAA Compliant?
3. General Data Security Measures
Whether you have a health care business, or work in any other industry, you'll need comprehensive cybersecurity measures to create a basic defense against cybercriminals. Some important aspects to consider in your cybersecurity plan include:
- Strong password requirements & frequent resets
- Secure file-sharing practices such as cloud faxing and printing
- Cybersecurity awareness/phishing training for employees
- Cybersecurity monitoring services to detect and respond to threats
Your in-house IT team, managed service provider (MSP), or managed security service provider will be able to implement these measures. To learn the difference between an MSP and an MSSP, read our blog: MSP vs MSSP: What’s the Difference?
4. Create an IT Continuity Management Plan
Even with the best cybersecurity tools and practices, nothing can guarantee you won't fall victim to a cyber attack. For this reason, it's a good idea to have a plan of action in case your business suffers a breach.
Many businesses are adding cyber insurance to their cyber attack survival kits, although it has gotten harder to qualify for policies since the steep rise in attacks. As cyber criminals get better at capitalizing on vulnerabilities, cyber insurance companies want to see a clear strategy to mitigate risk.
Cyber insurance requirements will include the basics for cybersecurity including MFA and other safeguards. They will also likely ask about your data backups, training, and other measures you've taken to reduce your risk of suffering a breach. To read more about cyber insurance requirements, read our blog: How Have Cyber Insurance Requirements Changed Since COVID-19?
How to Find Healthcare Cybersecurity Services
It might seem overwhelming to figure out the right security features and tools to invest in. Even if you already have an in-house IT specialist, investing in a managed IT provider could be worth your while to find customized cybersecurity solutions. To compare in-house vs outsourced IT, check out our comparison here.
If you're ready to invest in a managed IT provider to find the best solutions for your needs, click the button below to speak to an experienced IT expert.
