Why Stronger Security Strategies Are Needed
For healthcare organizations looking to offer at-home acute care, end-to-end security with a zero-trust policy is imperative. It must encompass all relevant people (including IT and security administrators, staff and contract workers) and hospital governance policies, and include leading-edge technology that complies with HIPAA and other healthcare regulations.
Cybersecurity for at-home acute care must incorporate robust technology built into the hardware and application software, not as an add-on or afterthought. The security mechanisms should address current threats such as malware and ransomware.
Participating at-home acute care organizations must construct strong security policies and procedures governing the use of hospital-owned and staff-owned devices. Bring-your-own-device equipment is one of the chief culprits in healthcare data breaches. It’s difficult for hospitals to control the security of their employees’ personal mobile devices, which may contain patient information. The risks are even greater when at-home acute care patients are included.
LEARN MORE: What is digital health and how is it evolving?
Therefore, healthcare organizations should enact specific rules and prescriptive guidance for security administrators, employees and patients. No one should be exempt. This means deploying the proper technology and keeping software and systems up to date. Implementing strong access controls are imperative to enable identity governance, manage workforce security and consumer identity and access, and control privileged accounts.
Healthcare organizations with at-home acute care programs should educate employees and patients on how to spot the latest malware, ransomware and phishing schemes. For their part, all end users must adhere to best practices. That means limiting access to at-home acute care employees’ devices and patient-owned devices on a need-to-know basis.
Consider tailored patient education: Older adult patients, for example, may need to include family members or other caregivers in their at-home acute care program, so they should be given security training as well. Perhaps a primary caregiver needs to assume responsibility for the security of (and access to) any connected medical devices.
EXPLORE: How the modern data platform fuels success.
Hospitals should also emphasize to patients the importance of maintaining records of passwords, prescriptions and important account information in a safe place and strictly limit access. At no time should at-home acute care staff or patients ignore, bypass or turn off security mechanisms such as multifactor authentication.
The healthcare cybersecurity landscape is continuously shifting. Malicious actors are relentless. They want to infiltrate healthcare networks and exfiltrate data. Cybercriminals have to be right only once to access confidential patient health data. As care delivery moves beyond hospital walls, security needs to be paramount.
