Increased use of telehealth, a more dialed-in workforce and blatant phishing scams that prey on health concerns adding to the dangers.

When Russian hackers attacked an IT support company and demanded a $14 million ransom, the attack impacted more than 110 nursing homes and 80,000 computers. For over a year, the offenders used phishing emails to infect the company’s computers, gain access to its network and locate vulnerabilities. Later, they gained control of administrators’ accounts, stealing data.

In another recent event, personal health data from thousands of nursing home residents was stolen and encrypted by the ransomware strain NetWalker. When the provider declined to pay ransom, the attackers released screenshots of stolen data.

“Bad actors are exfiltrating data at a higher rate,” notes Dan Hanson, senior vice president of management liability & client experience for Marsh & McLennan Agency. “This leads to higher ransomware demands, and long periods of business interruption.”

No one refutes that long-term care cyberattacks are on the rise, yet speculation varies over the reasons.
John Weatherbie, chief technology officer for MatrixCare, believes high numbers of remote workers, an increased dependency on EHR systems, and the frenetic pace of upgrades provides an opportunity for hacks.

Hanson, whose firm assesses risks and provides insurance for it, believes the current threat level is higher than ever. Among leading risks are lack of multi-factor authentication policies, open access to remote ports and outdated software.

Weatherbie believes the pandemic-driven influx of technology and interoperable solutions and the hastiness with which many were adopted have left so many providers “vulnerable and unprepared.”

Scott Code, senior director of Leading Age’s Center for Aging Services Technology, says workforce issues also contribute.

Adds Tim Tomlinson, vice president, chief information security officer for PointClickCare:
“As remote working and hybrid working models continue, companies need to continue to invest in enhanced, remote security measures to meet this new reality of protecting their employees and sensitive company information with employees outside of the office.”

From the December 2021 Issue of McKnight's Long-Term Care News