During the recent Safeguarding Health Information: Building Assurance through HIPAA Security conference, the HHS urged healthcare organizations to use advanced security measures to address ransomware threats, legacy systems, medical device risks, and data breaches.
According to HHS Cyber Security Operations Cyber Threat Intelligence Branch Chief Rahul Gaitonde, “Healthcare providers are prime targets for ransomware due to the critical nature of their services and the sensitivity of patient data.”
Moreover, when healthcare providers are targeted, the repercussions can be catastrophic, compromising the privacy and security of patient data and interrupting healthcare operations.
Another urgent issue presented at the conference was the reliance on legacy systems. “Many healthcare institutions rely on outdated software and systems, creating security vulnerabilities,” Gaitonde explained.
Attackers favor these outdated systems because they are usually less secure, as evidenced by the WannaCry attack in 2017. The attackers exploited weaknesses in the UK's National Health Service, causing $4 billion in losses and disrupting patient care.
Connected medical devices such as pacemakers and insulin pumps improve patient care. However, these devices also create “unique security challenges” with the “life-threatening potential [of] security flaws.”
As an example, Gaitonde mentioned the 2017 pacemaker vulnerabilities case, which led to the recall of over 465,000 devices.
Data breaches are among the major challenges healthcare organizations confront, and these breaches have severe consequences “including identity theft and compromised patient care.”
Even with strict regulations like the Health Insurance Portability and Accountability Act (HIPAA), these breaches continue to occur, compromising patients’ protected health information (PHI).
A breach occurs when an unauthorized party accesses, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
Encryption converts email content into a secure format that only authorized recipients can access. Ultimately, it prevents the unauthorized PHI disclosure that leads to costly data breaches and HIPAA fines.
Yes, providers can integrate a platform like Paubox with existing email systems such as Google Workspace or Microsoft Outlook. Paubox automatically encrypts emails and does not require recipients to use portals or keys. So, providers can use regular emails without compromising patient privacy or violating HIPAA regulations.