As healthcare becomes increasingly digital and online, patient treatment and outcomes are being improved through faster referrals and more accurate information. Although these advances are transforming healthcare in ways not thought possible just a decade ago, hyperconnectivity comes with hidden risks: cyber hacks and attacks on digital security could lead to loss of private patient information.
For example, one of the primary threats to small healthcare facilities is ransomware. Not only are ransomware attacks rising in frequency, but the latest research shows that the next generation of malware will not simply deny access to data, but will also steal it.
Healthcare providers – the custodians of patient data – are typically buttressed by one of two structures. Large, corporate, well-financed hospitals are protected by enterprise-class software and full-time technology staff. Smaller, front-line clinics, on the other hand, require primary care providers to take on the imperative protection of patient information, with an administrator often acting as chief technology officer. While smaller organizations may have a broad understanding of the risks associated with hyperconnectivity, the reality is that many lack practical tools and actionable advice to protect themselves and their patients from online threats.
Dr. Ian Furst of our National Cyber Security Leadership Council, Cambridge Memorial Hospital and Coronation Dental Specialty Group recently reviewed, at the Ontario Society of Oral & Maxillofacial Surgeons, a straightforward strategy that small healthcare facilities can use to better their business continuity planning and harden their cyber systems.
Dr. Furst led the group through a step-by-step series of questions targeted at decision makers in small businesses, meant to spark meaningful discussions within their practices and with their IT providers about the risks and rewards of hyperconnectivity.
The questions focused on three broad topics:
1. Business Continuity Planning: What are the probable threats to our practice and how resilient are we to IT outages?
2. Cyber Policy: What policies can we put in place to mitigate our risks?
3. Threat Mitigation: A checklist for each layer of cybersecurity protection – how does our practice stack up?