Caring for COVID-19 residents has created a lot of distractions in many nursing homes. In the midst of all that stress, it’s easy to see how their vulnerabilities are providing opportunities for theft, with information the likely most desirable commodity.

It appears that the criminals are aware of this sensitivity. In the course of its long-term research and deep knowledge base of this industry, Leading Age’s Center for Aging Services Technologies (CAST) asserts that post-acute care remains among the most vulnerable of all sectors in healthcare, largely because its level of IT sophistication and information security have conventionally trailed far behind that of the acute-care side.

Primary targets include electronic health records, personally identifiable information (PII) and protected health information (PHI) — all of which have become easier than ever to hack for sophisticated criminals.

Late last year, a bipartisan congressional report found the long-term care industry woefully at risk and unprepared.

One lesser-known vulnerability for nursing homes is the massive forensic reports produced after a break-in, says Lisa Rivera of Bass, Berry & Sims PLC, Nashville.

Rivera, a former assistant U.S. attorney and federal prosecutor, counsels healthcare clients on matters related to civil and criminal healthcare fraud and abuse. Rivera says as a result of a recent court ruling, companies may be forced to produce or otherwise disclose third-party forensic reports generated during a post-breach investigation, potentially exposing them to litigation.

Other trouble spots include unmonitored foot traffic, mobile devices, public Wi-Fi and inconsistent training, she adds.

Small and independent facilities are likely most vulnerable, according to Rivera, who advises providers to “know where all of their vulnerable data is.”

That includes moving the PHI and PII of deceased residents off-site as quickly as possible. Such information is a popular target for cybercriminals wanting to quickly cool the trails of their crimes. 

From the September 2020 Issue of McKnight's Long-Term Care News