We thought this might be true, that cybercrime puts patients in danger, but now there’s a study that shows a link. In the weeks and months following data breaches, the death rate among heart attack patients increased. The data breach itself did not cause the deaths, but it set up a chain reaction of events that interfered with patient care. It appears that the hospitals’ reactions to the data breach, i.e., efforts to improve security after the fact, may be placing stress on health care providers, slowing reaction times.
Ransomware Can Shut Down a Hospital
It’s obvious that health care in a community is put at risk if a hospital closes. It happened most recently in Alabama, when DCH Hospital System shut its doors on October 1 and refused new patients – they ended up paying a ransom to stop the crisis. A few weeks before, Campbell County Health in Wyoming was hit with ransomware. They postponed surgeries, stopped admitting patients and diverted emergencies even though the nearest hospital was 70 miles away. They were not back to normal operations for 17 days.
Cybercrime is Rising in Health Care
Data breaches continue to rise in health care, and one of the main causes of electronic breaches is intentional hacking. Ransomware is a particularly difficult type of attack because the hackers lock down medical records and block the owner’s access to them unless a “ransom” is paid. In 2019 more than 38 million health care customers had their records breached, the largest number since 2015 when massive hacks struck Anthem, Blue Cross, Excellus and UCLA Health System.
EHR Systems May Contribute to Provider Stress
The study revealed that the time it took for a patient to receive an electrocardiogram increased by as much as 2.7 minutes after a data breach. The researchers found that the data breach response and recovery efforts in a hospital – which are focused primarily on the electronic health records system – place extra stress on doctors, nurses and other health care professionals.
Electronic health records systems in hospitals have brought much that is good into the healthcare ecosystem. When they work smoothly, they assemble all of a patient’s medical history into one place that is quick and easy to access. They also permit rapid transmission from one place to another within the hospital. Unfortunately, they can also be cumbersome and time consuming, and when a breach occurs hospital staff must take extra steps to increase cybersecurity, e.g., new passwords, new software, additional training.
Good HIPAA compliance includes strong security measures. When HIPAA compliance is weak to start with, the response and recovery efforts are more disruptive since so much more needs to be done.
HIPAA Compliance Can Help Reduce Cybercrime
HIPAA compliance is a blueprint for stopping cybercrime. This is because the heart of a good HIPAA compliance program is a thorough Risk Analysis – Risk Management program. When done correctly it can greatly reduce the likelihood of security breaches. A thorough inventory of equipment, systems and protected health information is included, with reminders about updates and patches. It instills a culture of compliance among the workforce, who can provide a strong defense against breaches.
It always includes workforce training, not only about HIPAA but also about cybercrime prevention. Simple steps in advance can reduce risks. Simple lessons are much easier to teach and learn before the fact than after it, in the wake of a breach that has placed the entire hospital under stress.
The HIPAA E-Tool® contains everything needed to prepare for and prevent security breaches. Every policy required, every form, suggestions and guidance about what to do if the worst happens – how to respond and recover. Also included is workforce security training to strengthen the culture of compliance.
The HIPAA E-Tool® is always up-to-date and has answers to all HIPAA questions at your fingertips.
NOTE: A good summary of the study is here, from PBS News Hour.