IT Security For Healthcare Practices Is Critical During COVID-19

Few organizations are as critical as those in the healthcare industry, especially now, and the industry is currently under an unprecedented amount of stress. Cybercriminals are aware of this and unfortunately, healthcare providers store and manage the type of data cybercriminals consider to be of great value: patient data. The coronavirus crisis provides hackers the opportunity to take advantage of the chaos and attack your systems. 

The last thing anyone needs right now is for any healthcare facility to have to deal with data breaches and the costs associated with them while also struggling to provide care for the growing number of COVID-19 cases.

For Southern New England Healthcare Providers, Your Technology is More Critical Than Ever

On March 23rd, Governor Charlie Baker issued an emergency order requiring all businesses and organizations that do not provide “COVID-19 Essential Services” to close their physical workplaces and facilities to workers, customers, and the public. While these businesses are encouraged to continue operations remotely, here's a list of what businesses can stay open, according to Governor Baker's order. 

While it is unfortunate that most businesses will find the ability to work remotely (if they can) overwhelming, there are steps you can take to make the transition run as smoothly as possible. Here are three tips to get your remote workers up and running and some suggestions to modernize your office, which are transferable to your new remote work space. 

For those industries that are considered essential and are allowed to continue to work onsite, Datalyst can help you continue to be productive by ensuring your technology continues to perform at the level it needs to be. 

For those in the healthcare industry, the stakes are that much higher.

IT for Healthcare During COVID-19

According to the list of essential businesses, Healthcare, Public Health, Human Services is an essential business. Businesses covered by this policy include workers providing coronavirus testing, medical caregivers, hospital and laboratory personnel, and more. One constant theme during this crisis is the strain medical institutions are under. Too often, data security is one of the first practices to fall under the stress of what can appear to be non-stop medical emergencies. 

With 83% of healthcare systems running on outdated software it is clear to see how critical it is for medical organizations to focus on best practices for security. The reality is, however, that during this crisis, healthcare professionals don’t have the time to check whether their medical devices are running Windows 7 which is end-of-life; let alone Windows XP or older versions of Linux OS. Fact is, if you’re running low on equipment (which many medical centers are), during this crisis, you grab the first piece of tech that’s available and connect it to the network and no one can blame you. 

Unfortunately, using outdated software or security protocols increases the risk of your organization being hacked. Using older, end-of-life and vulnerable equipment can expose your network and patient data to risk of being compromised by cybercriminals. Have no doubt about it, cybercriminals are taking advantage of the chaos this virus is causing and searching for opportunities to gain access to your network and your patients’ personal information.

Compromised medical devices are such a matter of critical concern that the FDA have discussed potential vulnerabilities in medical devices. According to Suzanne Schwartz, deputy director at the FDA’s Center for Devices and Radiological Health, “Medical devices are becoming increasingly connected, and connected devices have inherent risks, which make them vulnerable to security breaches…” 

HIPAA and COVID-19

Due to the reality of medical professionals needing to quickly communicate the status of patients during this pandemic, there has been limited relaxation of HIPAA laws including:

• Requirements to obtain a patient's agreement to speak with family members or friends involved in the patient’s care
• Requirement to honor a request to opt out of the facility directory
• Requirement to distribute a notice of privacy practices
• Patient's right to request privacy restrictions 
• Patient's right to request confidential communications

While these relaxations make it easier for healthcare professionals to support their patients, none of these temporary changes provide exemptions to a data breach. In other words, regulations regarding data breaches for HIPAA for Professionals are still in effect.

Software, Communication, and Infrastructure Solutions Still Matter

It is understandable that worrying about out-of date-software or devices with weak security is the last thing most healthcare providers are concerned about during this crisis, and we at Datalyst respect this. We also know that the temporary relaxation of HIPAA rules is just that, temporary. Non-compliance comes with consequences for your business, moreover the last thing a person who survived COVID-19 needs is to return home from the hospital, only to find their identity has been stolen and their personal data is on the Dark Web.

Fortunately, Datalyst understands IT security solutions and compliance pertaining to HIPAA as well as the healthcare industry, and can implement security solutions to keep your patients’ data safe. We can work with you without causing disruption in your regular services. Get started with a FREE IT consultation for your medical center or call (774) 213-9701 today to learn what you can do to protect your patients’ medical records.