Diane Evans

Predictably, thieves worldwide are attempting to exploit the coronavirus pandemic to hack into healthcare databases — to the point that Forbes reported a wave of 2,500 malware attacks in less than a day on March 16.

Long-term care providers especially should be on high alert. Why? Because as reported in LeadingAge’s landmark cybersecurity white paper, long-term care faces greater risk in general due to information security that is often “less mature than acute care.” As a result, these less advanced or outdated systems could entice enterprising cyber criminals.

For long-term care providers, the extra challenge during the coronavirus is to act swiftly on two fronts relating to data protections: 

  1. Shore up IT systems to the greatest extent possible, and be sure to implement system patches and updated software.
  2. Equip staff members with the information they need to put up a front-line defense against hackers.

This second point is critical, even in organizations with the most secure databases.

An organization could have the most rock-solid IT system possible, but if a single staff member unlocks the door to that system, it’s all for naught. All a staff member has to do is open a suspicious email or click a link to a spam website and all that brilliant IT architecture will not matter. 

Right now, planning is the best defense for preventing IT intrusions with potential to further hamper organizations already under severe pressure.  To start, revisit basic security measures under the Health Insurance Portability and Accountability Act (HIPAA). While HIPAA is law, as the feds often point out, it also provides a sensible framework for base-level security practices across an organization.

The underlying call of HIPAA security regulations is to create a culture of vigilance, so that staff members are prepared to be front-line enforcers. This means people on the front lines know when to be suspicious and know what to look for. In military parlance, it is called situational awareness. In daily practice within healthcare, it means workers at their computer stations can sniff out an IT attack. And when they do, they know to stop working and quickly notify a supervisor or a technical expert so that any malicious intrusion could be prevented.

As a leading industry study points out, small precautions — akin to the use of hand sanitizer — can prevent big problems.  At this time of pandemic, these routine safety habits are critical to keep IT systems working properly so full focus can be where it should be: on patient care.

Diane Evans is publisher of MyHIPAA Guide, a HIPAA consultancy and subscription service, and she can be reached at [email protected]. Here is complimentary download: Crisis Tipsheet: Staff Best Practices for IT Security.