October 29, 2021

Patient Lives Are On The Line: 3 Notes On Cybersecurity Awareness

Angie Stewart, Content Specialist, Protenus

The pandemic has placed virtual conferences, Zoom meetings, telehealth appointments, digital payments, and online social activities at the heart of day-to-day life. But with so much of our daily routines now taking place in the digital realm, Americans are rightfully increasingly worried about how their sensitive data is secured.

Protenus is proud to recognize October as Cybersecurity Awareness Month. Fill out the form to get in touch with experts on our team.

In fact, 63 percent of respondents to a 2021 Pearson Institute/AP-NORC poll said they are "extremely/very concerned" about cyberattacks affecting healthcare systems. Another 62 percent were extremely concerned about cyberattacks impacting their personal information, identity, finances, or health records. 

For individuals at every level of an impacted healthcare organization, the sheer chaos caused by these attacks cannot be understated. Healthcare IT departments scramble to lock down email access, internet access, and computer networks to limit the scope of the damage, then work around the clock to get these vital systems back online.

Meanwhile, clinical staff revert to burdensome paper-based charting, leading to appointment and testing delays, and in many cases, the diversion of patients to less overwhelmed facilities. 

"Cyberattacks affect the flow of care and interrupt everyday activities," says Teresa Burns, the Privacy Officer of Protenus.

What we must never forget

A number of the experts on Protenus' team have worked within hospital walls and witnessed first-hand the devastating consequences that breaches and cyberattacks have on individual lives. In the work that we do today, we strive to remain cognizant of the fact that we are not merely working with "data." Breaches devastate the relationships, livelihoods, and lives of real people, and they must be prevented at all costs. 

During Cybersecurity Awareness Month, it is important to take a moment to sit with this reality, and use it to fuel a renewed commitment to grounding principles. This is why we asked Teresa Burns, Protenus Privacy Officer, to reflect on three concepts that require unwavering attention and understanding.

  1. 1. The sensitive nature of patient data

The information that patients share with their care team members is extremely personal. It is, in essence, a portrait of their life. When this data is exposed, patients are left feeling vulnerable and afraid. The data may include diagnoses that patients have not divulged to everyone in their life. People whose medication history is exposed may worry that it will interfere with their careers. Thousands of people may also be at risk of identity theft after a cyberattack, given the Social Security numbers, dates of birth, and addresses contained in medical records. Reversing the damage, when even possible, can take decades.

Though we may not see these consequences with our own eyes on a daily basis, they are real, they are frightening, and they must drive us to bolster privacy and security infrastructure with urgency and purpose. 

  1. 2. The high stakes unique to healthcare

No industry is immune to cyberattacks, but in healthcare uniquely they can mean the difference between life and death — for patients who happen to be receiving care at the time of an attack and in the weeks following. If surgeons are mid-operation when systems are shut down, they can't easily access important information on the patients' allergies, medication history, and so on. Stroke or heart attack patients in need of immediate care may be diverted to a more distant ER, eating away at precious minutes. Patients with scheduled procedures or appointments must deal with long delays to treatment while enduring pain, frustration, and fear. 

  1.  

This is all to say that successful attacks on healthcare IT infrastructure do not just affect abstract data points. They cause gut-wrenching pain, long-lasting suffering, and avoidable danger for each individual coming to an organization in their most vulnerable moments. 

  1. 3. The importance of patient trust

  2.  You can buy expensive MRI machines, install state of the art robotics, or add 200 more pediatric beds, but no healthcare organization can deliver quality care without patient trust. 
  3.  

When patients think twice about whether their data is safe with your institution, they may end up withholding information that is crucial to determining the proper course of treatment (ongoing substance use, mental health concerns, a complete medical history, etc.), putting safety in jeopardy. Alternatively, they may choose to forgo care altogether, allowing medical issues to worsen, or go to a competing facility for treatment. 

Each of these scenarios can be avoided through strong Privacy and Security functions operating in tandem. We should not just settle for meeting regulations — we should show patients that we care about and respect them enough to protect their most sensitive data. 

Safe with Protenus

Though Cybersecurity Month is coming to a close, cybersecurity threats to health systems are here to stay. A new report from SecureLink revealed that third-party attacks in healthcare are on the rise, underscoring the importance of performing user access reviews and partnering with vendors that abide by the strongest security standards.

"At Protenus, we realize that our partners are entrusting us with tremendously sensitive patient data, and our obligation to maintain the security of that data is not something we take lightly," says Teresa.

The Protenus Chief Information Security Officer, Brian Reavey, works diligently with his security team and technology teams at Protenus to ensure that Client PHI/PII data is protected within the Protenus platform throughout its lifecycle, from receipt to destruction. We employ state-of-the art encryption, as well as sophisticated key and data management techniques, to ensure this data remains secure as we empower health systems to scale their patient privacy monitoring efforts efficiently.

By giving prospective and existing customers transparency into why our Security and Privacy programs are extremely rigorous, we hope to provide assurance that patient data is safe with Protenus, so that you can protect the people who have entrusted it to you. We thank you for placing that trust in Protenus.

Protenus would love to know how your organization has recognized Cybersecurity Awareness Month and where our philosophies align. Fill out the form to get in touch.

Contact Us