Wednesday 28 April 2021

Should Doctors Receive a Cybersecurity Education?

Article by Beau Peters

It is no secret that medical professionals of all levels need to maintain a vast amount of knowledge in their brains at all times. After all, having experience and education is crucial to saving lives and helping patients. But should an understanding of cybersecurity be added to their repertoire? If they want to give the best overall care inside and outside of the clinic, then the answer is yes.

As technology has evolved and we have moved to a more remote work environment, it is essential that cybersecurity becomes part of training for everyone in a medical organization, from human resources to the doctors themselves. By knowing the threats and understanding the solutions, doctors can protect their patients and provide advice to keep them safe even after they leave the office. Below are some of the many reasons why doctors should receive a cybersecurity education.

Following Privacy Guidelines
These days, technology is being used in the medical community more than it ever has before. Currently, medical devices and tools outnumber actual human doctors by 3 to 1. While this is great for providing patients with around-the-clock support, the downside is that hackers have been breaching medical devices and computers in record numbers. That’s not all. Even though these risks exist, recent studies show that 32 percent of medical employees don’t have any cybersecurity training, including many doctors.

While the increased number of threats should be reason enough for cybersecurity training, there are also guidelines in place that require medical establishments to keep customer records safe. In the US, for example, along with the Health Insurance Portability and Accountability Act (HIPAA), there are the HIPAA security and privacy rules, which state that medical establishments must ensure that patient data is left confidential and that a practice must defend against any known security threat. Without educating the doctors, these guidelines cannot be met.

Cybersecurity education should also be taught because failing to protect your customers is not only right, but failure to do so could be disastrous for your practice. Recent numbers show that the average cost of a medical breach is upwards of seven million dollars, which is money spent on data recovery and fixing vulnerabilities. A medical practice that does not have the type of money to recover after a breach may have to close its doors.

Do No Harm
Just about any form of personal patient information can be used maliciously. Social security numbers and credit card information can be used to take out fake loans, which could result in bankruptcy or worse. Even email addresses can be used to send phishing emails and log into personal accounts.

Doctors who understand cybersecurity threats can also help to avoid more immediate threats that could even occur during surgeries. Hackers often use ransomware to infect and gain control of computers or medical apparatus. Once they do, they can lock the device until the hospital pays a hefty ransom to have the machine turned back on. This has occurred in hospitals in the past, and it can be deadly for patients who need immediate care.

Doctors who are educated on cybersecurity can ensure that their practice has the proper prosecutions in place. This includes updated antivirus software and a firewall on all internet systems to block unwanted traffic. Educated doctors will also recognise the importance of backup servers that can hold patient data and other information in the case that the main network is compromised.

Security and Telehealth
The arrival of COVID-19 required many business and medical offices to transition to a remote workforce which meant that many doctors had to adjust and begin treating non-emergency situations with telehealth platforms. The technology has grown exponentially over the last year, and due to its popularity, it is likely not going away anytime soon. However, while it is convenient and helpful, especially for elderly patients and those in rural areas, telehealth is also a target for hackers.

The issue is that the tech is still not completely understood by patients or doctors, and hackers use that vulnerability to find holes that they get through to steal data, listen in on video calls, and expand to other programs to steal even more data. Doctors who are informed on the risks of telehealth can educate the patients with an email before the telehealth session to tell them what to expect and how to protect their connection.

For instance, guidance should include precautions to use when talking to the doctor in a public place. It is in this environment that hackers can set up fake Wi-Fi accounts that look legitimate and are often advertised as free. However, when the patient connects, they are really connecting directly to the hacker. Doctors can advise them to only use telehealth in their home or to ask the owner of the establishment for the correct network.

Patients should also be told about the danger of phishing emails. Hackers can take advantage of those who frequent telehealth and send fake invites that appear to be from their doctor. There is typically a link in the email, and when clicked, the hacker gets access to their system. Doctors who are aware of the threat of phishing emails can advise patients to only open emails from their office, which should be sent through a secure service that requires a password to access.

While many doctors may feel that they don’t have the time to learn about cybersecurity, the fact is that doing so is more important than ever. Digital care is becoming as important as physical health, and a well-informed doctor can provide their patient's all-around care.

No comments: