Addressing the Critical Cyber Threats in US Healthcare
CognitiveHealth Technologies
AI-Powered Automation Purpose-built for Healthcare RCM
US health care is 17.3 percent of the US GDP?and by itself now exceeds the?GDP of Germany. It has grown to the point where the uninterrupted functioning of healthcare payments is vital to national security. In recent months, the healthcare industry has faced?severe data security challenges, leading to breaches, and compromising patient trust. The Change Healthcare ransomware incident that occurred on February 21 imposed a stark reminder to the nation that the critical healthcare infrastructure if severely disrupted or disabled, would cause a cascading and crippling impact on our national economic security and public health and safety. As per HHS, Change Healthcare handles fifteen billion transactions every year. It is estimated that as many as eighty-five million patients’ medical records might have been “exfiltrated’ from Change’s vast databases and destroyed.[1]
Complex Healthcare Technology Environment:
Healthcare technologies have the potential to extend, save, and enhance lives. Technologies on the healthcare provider side range from those providing storage of electronic health records (EHRs or EMRs), devices that monitor health and deliver medication (including general purpose devices and wearables, and technology embedded within the human body) to tele medicine technology delivering care remotely – even across countries. On the payer side, they range from claims processing, managing communications with providers and patients, managing documentation and medical records, and EDI transactions for eligibility verification and provider and member services, etc. Patients increasingly use mobile applications connected to their respective provider EMR or payer applications, which can now be integrated with telemedicine/telehealth and integrated into the medical Internet of Things for collaborative disease management and care coordination. On average, in revenue cycle management alone, Providers and Payers use dozens of technology applications and have many ways to interface with each other! These interconnected systems, applications, and devices in healthcare create a complex network where consistent security is challenging to maintain.
Evolution of Cyber Threats:
Healthcare in the USA is not new to Cyber Threats. Whether it is an individual stealing healthcare data or large ransomware attacks, there are thousands of reported breaches in the country yearly. A look at HHS-OCR’s breach report[1] (the wall of shame, as it is secretly referred to within the healthcare IT community) gives you a glimpse of such attacks.
Unfortunately, the interconnection of multiple technology applications introduces cyber security vulnerabilities. Cyber security safeguards computer networks and their information from penetration, data breaches, and accidental or malicious disruption. Over the past five years, there has been a 256% increase in significant breaches reported to OCR involving hacking and a 264% increase in ransomware. In 2023, hacking accounted for 79% of the significant breaches reported to OCR. The large breaches reported in 2023 affected over 134 million individuals, a 141% increase from 2022. Since the black-market value for health records is 10 to 50 times higher than the general personal records, the healthcare data becomes attractive for malicious actors to breach and steal. Hence, hackers continuously develop new methods to infiltrate systems and exploit vulnerabilities. In 2023, 46 hospital systems, with 141 hospitals, were impacted by ransomware, and at least thirty-two of the forty-six had information, including protected health information, stolen[1].
Healthcare data security threats have become an attractive economic activity for Ransomware attackers, hackers, and criminal individuals.
What are healthcare organizations doing to secure their data?
Securing healthcare data?is crucial to protect patient privacy, maintain data integrity, and prevent unauthorized access. Hospitals and healthcare organizations employ various strategies to safeguard sensitive information. Here are some key measures:
1.??? Access Controls: Hospitals restrict access to patient data based on roles and responsibilities. Only authorized personnel, such as doctors, nurses, and administrative staff, can access specific information. Access control mechanisms include user authentication (e.g., passwords, bio-metrics), role-based access control (RBAC), and audit logs.
2.??? Encryption: Data encryption ensures that patient records remain confidential during transmission and storage. Hospitals use encryption protocols (e.g., SSL/TLS for web communication and AES for data at rest) to protect sensitive data.
领英推荐
3.??? Firewalls and Network Segmentation: Hospitals deploy firewalls to monitor and filter network traffic. Network segmentation isolates critical systems (e.g., electronic health records) from less sensitive areas (e.g., guest Wi-Fi) to prevent unauthorized access.
4.??? Regular Software Updates and Patch Management: Hospitals keep their software (including operating systems, databases, and applications) up to date to address security vulnerabilities. Regular patching helps prevent exploitation by cyber criminals.
5.??? Endpoint Security: Hospitals secure devices (computers, tablets, medical equipment) with antivirus software, intrusion detection systems, and endpoint protection. These tools detect and prevent malware or unauthorized access.
6.??? Data Backup and Disaster Recovery: Regular backups ensure patient data remains accessible despite system failures, cyber attacks, or natural disasters. Hospitals maintain off-site backups for redundancies.
7.??? Employee Training and Awareness: Hospitals educate staff about security best practices, phishing awareness, and social engineering. Employees play a critical role in maintaining data security.
8.??? Vendor Risk Management: Hospitals assess the security practices of third-party vendors (e.g., electronic health record providers and cloud services) to ensure they meet security standards.
1.??? Physical Security: Hospitals secure physical access to servers, data centers, and storage facilities. Restricted areas require authorized badges or biometric authentication.
2.??? HIPAA Compliance: The Health Insurance Portability and Accountability Act (HIPAA) mandates data privacy and security for protected health information (PHI) in the USA. Hospitals must comply with HIPAA regulations.
Remember that no system is entirely immune to cyber threats, but hospitals continuously improve their security posture to adapt to evolving risks. Regular risk assessments, penetration testing, and collaboration with cybersecurity experts are essential for maintaining robust data security in healthcare.
Technology initiatives in Healthcare Data Security using AI.
Apart from the available methods to secure the data, healthcare organizations also take many technology initiatives using AI. Some examples are.
·???????? Privacy Analytics Using AI: Implementing AI-driven privacy analytics models can detect potential privacy violations, attacks, or breaches in EHRs.
·???????? Secure and Private AI Solutions: AI can defend against threats to data integrity and ensure privacy by using encryption and other tools.
·???????? Detecting Malware and Breaches: AI algorithms efficiently identify malware, security breaches, and cyberattacks.
Impact of Data Breaches in Healthcare Breaches erode patient trust, leading to patients withholding crucial health information from providers. Without a complete picture of patient health, clinicians cannot provide holistic care, affecting patients and healthcare providers. There is a direct effect on revenue—delays in payments, claims submission and processing, and even some fundamental interactions with payers like eligibility verifications get affected if ransomware attacks, like the one at Change Healthcare, ever occur. In summary, the healthcare industry faces ongoing data security challenges, but leveraging AI and implementing robust security measures can help protect patient information and maintain trust in the system.
About CognitiveHealth:
CognitiveHealth provides AI-driven process automation applications to Healthcare Providers. Focusing on Healthcare RCM functions, CognitiveHealth has delivered successful process automation apps that have significantly reduced costs and improved efficiency in various RCM processes. Contact us to schedule a demo.
Author : Vispi Gowadia VP Technologies CognitiveHealth Technologies