- The American Hospital Association (AHA) aims to help providers develop and share approaches to developing strong healthcare cybersecurity measures through its Cybersecurity webpage, according to a recent blog post.
The webpage is dedicated to providing resources to healthcare organizations about cybersecurity threats and data security reduction and response plans.
“The AHA and hospital leaders take these cybersecurity challenges seriously because protecting patients and their personal data is a 24-7, year-round responsibility and hospitals are continuously working to improve the security of their networks through implementing security measures, testing, maintaining back-ups, and deploying the latest upgrades,” wrote AHA President and CEO Rick Pollack in the blog post.
Healthcare cybersecurity goes beyond the IT department and affects the entire organization, according to AHA. Hospitals and healthcare organizations must develop organization level risk management and response plans, provide training for all staff that can access networks, and bolster board support.
“Security is not just a technical issue, and many different steps need to be taken to ensure that hospital policies and staff training support information system security,” stated AHA in a fact sheet. “Hospitals also must ready their response plans for those occasions when incidents arise.”
The AHA reminder about their cybersecurity resources comes at an appropriate time.
A recent study by Baker Hostetler revealed that more healthcare data breaches occurred in 2015 than any other type of data breach. Previous Baker Hostetler studies have found that healthcare is consistently one of the top affected industries when it comes to data security events.
Just as healthcare technology is becoming more sophisticated, so are cybersecurity threats. With the introduction of wearable health devices, electronic health records, and interoperable health IT systems, hackers are designing new ways to access digital health information.
Entire healthcare organizations can come to a halt if affected by a cybersecurity attack. Threats, like ransomware, can target an entire health IT system rather than just one computer, reported AHA in a recent blog post about hospital ransomware.
“Because we live in a networked world, and computers are most often connected to a network, infecting a single computer with ransomware can reach the whole network,” stated AHA counselor Mary Ellen Callahan. “In recent cases, the ransomware has encrypted files on the servers, not an individual computer, and brought down the whole network.”
Healthcare providers must rely on more than HIPAA regulations to protect health information from intricate threats. Organizations may also need to install cybersecurity frameworks to respond to the evolving cyber threats to patient data.
On its webpage, AHA links healthcare providers to resources on how to establish and implement cybersecurity initiatives that support the President’s executive order on improving cybersecurity infrastructure.
AHA also connects healthcare providers to opportunities to share healthcare data security information, including the Health Information Trust Alliance, the Homeland Security Information Network, and the Healthcare and Public Health Sector Coordinating Council.
“Getting involved in sharing information opportunities is crucial to staying ahead of emerging cybersecurity risks,” wrote Pollack.
By reminding providers about the webpage, AHA said it hopes to help healthcare organizations develop more comprehensive cybersecurity measures that are implemented across the entire industry.