Cyber Attacks Hurt Home Health Operations – But Patient Outcomes Are Next

Home Health Care News | By Patrick Filbin
 
For home-based care providers, cyber attacks are less likely to be an “if,” and more likely to be a “when.”
 
And, as cyber attackers get more creative and persistent, it’s important for providers to understand the implications of attacks.
 
“Over the last 18 months, we’re seeing massive impacts to patient care,” Fortified Health Security CEO Dan Dodson told Home Health Care News. “In the health system space, we’re seeing organizations go down for weeks and months, literally diverting care. It’s one thing for a patient record to be exposed, and nobody wants that. But it’s an entirely different set of circumstances when you can’t deliver care.”
 
Fortified Health is a Tennessee-based cybersecurity firm.
 
In order to be as prepared as possible, provider leaders need to know what to look for and what their staff needs to look for. They also need to be equipped with the proper resources when an attack does come to fruition.
 
Over the past decade, cyber security experts have seen a gradual uptick in cases where attackers are pursuing private information.
 
“It hasn’t been just this year, although we have seen a number of them already, but it’s gradually been increasing probably over the last 10 years, especially at the start of 2020,” Barbara Citarella, the president of RBC Limited, told HHCN. “The problem for most home-based care agencies is they don’t know what to do when a cyber event happens: what the protocol is, who they should be calling, how detailed it is — to make sure that you’re covering yourself in regard to HIPAA violations and things like that.”
 
RBC Limited assists agencies with strategic planning for leadership, health care reform and business continuity. Citarella also serves as a subject matter expert to the United States Assistant Secretary of Preparedness and Response.
 
Cyber attacks on health care organizations are perfect for attackers, Citarella said, because of the wide dearth of information held by health care organizations.
 
Home-based care providers’ systems are generally vulnerable to attacks, Citarella said. Thus, they should be doing regular risk assessments and should be backing up their own data on a separate server.
 
“We had a big home care event that took place in 2019, and the agencies that backed up their own data were up and running very quickly, and the agencies that used a third-party biller couldn’t access their information for a long time,” Citarella said. “Agencies have to back up their own information on a separate system, and they should be testing that separate system to see how quickly they can get up and running.”
 
Consolidation of home health and home care agencies have added to the urgency for protection to be put in place, Citarella said. The attackers are also evolving as the industry grows.
 
“They’re much more sophisticated,” she said. “They’re coming from a number of countries and interestingly enough, drug cartels are now doing it. It’s a lot easier to take information and steal somebody’s identity if you don’t have to have a force out on the ground. You just need a bunch of people in an office.”
 
Jason Vander Velde, a senior manager on the IT management team at Wipfli, also has seen an uptick in sophisticated attacks.

Read Full Article