By Mackenna Moralez

Technology has taken the healthcare industry by storm. A report by JAMA Network found that more patients are willing to give their private information through an app rather than face to face. As more patients use technological offerings, it is up to healthcare facility managers to ensure the security of patient data. 

One challenge is that the global cybersecurity workforce is 65 percent smaller than it should be, according to a study by (ISC)2. In the next two years, organizations will need to prioritize cybersecurity. All cybersecurity programs need more organizational support. This includes tight security budgets and growing legacy footprints, according to a HIMSS report. Despite the call to beef up cyber practices within healthcare facilities, many organizations have yet to fully implement them.  

“Human beings by nature are conditioned to question anything new,” says Jimmy Hurff, senior vice president of data and analytics with GHX. “Knowing this, we should expect patients to be curious or even skeptical about any new technology we introduce in the care environment. Building trust involves clear and consistent communication with patients. The onus is on healthcare professionals and administrators to explain why a new technology and process is being introduced with specific attention given to outlining what patients can expect, including both the benefits and potential risk.” 

The longer hospitals and healthcare facilities fail to address these concerns, the more they put their patients at risk for their private information getting leaked.  

In February, Montrose Regional Health notified patients and families of cybersecurity attack that took place within its organization between August 2, 2021 and October 26, 2021. At the time of publication, the facility is investigating the attack and was unable to confirm if specific information within the email accounts were accessed. However, it was able to determine that hackers took the following patient information:  

• names 
• inpatient/outpatient status 
• internal patient account number 
• service date 
• treatment cost 
• procedure code 
• provider name/ health insurance provider 

Montrose Regional Health reset account passwords upon discovering the attack and are reviewing its policies and procedures. Over 52,000 patients had their information compromised.  

Hospitals and other healthcare facilities are a key targets of cyberattacks because they have a high number of electronic devices, systems are outdated and healthcare staff are too busy to stay updated on proper cybersecurity training. The more vulnerable a system is, the more likely a patient will lose trust in its operations. 

“We also live in a data saturated world,” Huff says. “More technology means more data and many patients are worried about their privacy. Healthcare organizations can continuously build trust with patients by demonstrating their organization’s security posture, securing third party accreditation and ongoing compliance with the latest security requirements.” 

Mackenna Moralez is assistant editor with Healthcare Facilities Today.