Rising Cybersecurity Risks in Healthcare: Navigating Telehealth and Interoperability

Part One: The Risks of Cybersecurity in the Health System

In a two-part Triage series, Gina Bertolini, Sarah Carlins, and Jianne McDonald delve into the cybersecurity risks faced by hospitals and health systems across the nation. Over the past five years, cybersecurity incidents involving healthcare providers have seen a significant increase. The Office for Civil Rights (OCR) within HHS reported a nearly 300% surge in large data breaches involving ransomware from 2018 to 2022. With interoperability being a key government priority and remote care models gaining popularity, the demand for big data to support complex technologies poses ongoing risks to healthcare providers.

In the first part of the series, Sarah Carlins and Jianne McDonald examine recent recommendations by OCR for healthcare providers and patients regarding cybersecurity measures in telehealth. They also discuss the federal government’s emphasis on effective communication about the privacy and security of electronic health information as essential for quality care in telehealth settings.

Healthcare providers are increasingly using telehealth services to provide care remotely to patients. However, this trend also comes with increased cybersecurity risks. According to OCR, telehealth services have been targeted by cybercriminals more frequently than traditional healthcare services. This is due to the fact that telehealth often involves exchanging sensitive patient information over networks that may not be as secure as those used in hospitals or clinics. Additionally, remote care models often involve accessing patient data from multiple devices and locations, which can make it more difficult to maintain strong security protocols.

To address these risks, OCR has issued several recommendations for healthcare providers and patients regarding cybersecurity measures in telehealth settings. These include implementing strong password policies, regularly updating software and hardware systems, conducting regular security training for employees who handle patient data, and encrypting all electronic health information when it is transmitted or stored outside of a hospital or clinic network.

Effective communication about the privacy and security of electronic health information is also essential for quality care in telehealth settings. Patients need to understand their rights with regard to their personal health information and how it is being protected during remote care services. Healthcare providers must ensure that they are communicating clearly with patients about these issues so that they can make informed decisions about their care options.

The second part of the Triage series will focus on recent initiatives by HHS aimed at addressing cybersecurity risks faced by hospitals and health systems nationwide. We will explore how interoperability challenges pose additional risks for these organizations as they strive to integrate technology into their operations.

Overall, it is clear that cybersecurity is becoming an increasingly important issue for healthcare providers as they adopt new technologies such as telehealth services. By following best practices outlined by OCR and other government agencies, these organizations can better protect sensitive patient information while still providing high-quality care remotely.

Leave a Reply