COVID-19 has changed the technology landscape of senior living, including the use of telehealth, employees working from home and residents using devices to stay in touch with loved ones.

But that increased reliance on technology also has laid bare cybersecurity risks and potential information breaches facing older adults and the institutions that care for them.

In an Argentum white paper on “Cybersecurity Risks In Senior Living,” experts stress that organizations should turn to outsourcing or shared service models to protect themselves and the seniors they care for if they do not have sufficient resources in-house.

When it comes to breaches, the senior living industry pays almost $6.5 million, on average, which is 60% more than other industries, according to Rick Rumbarger, co-founder and CEO of ELK Analytics, an Ashburn, VA-based managed security services provider.

Rumbarger said that “non-traditional devices communicating from non-traditional places” affect security outside of the immediate corporate network. He recommends intrusion protection, data loss prevention and ransomware as the basic areas of focus for senior living.

Willis Towers Watson reports that its claims data repeatedly indicate that human error is the primary cause of cyber claims and losses, including accidental disclosure, social engineering, ransomware, stolen or lost devices, rogue employees and data theft. 

“A proactive assessment of a senior living organization that holistically evaluates the people, technology and capital component of cyber risk can be a prudent approach to understanding an organization’s situation and can lead to effective improvement plans,” according to the global advisory company. 

Diana L. Burley, Ph.D., chief research officer at American University, recommends that organizations conduct a needs assessment and audit of their systems to get a basic understanding of how their data flows and how different aspects of technology are accessed.

“What cybersecurity is really about is managing risks: making decisions that reduce the amount of risk that you put your organization, your organization’s data, your organization itself, the people — whether they’re employees, customer, residents, etc., and the amount of risk you put them in,” Burley said, adding that employees helping residents with technology need to have some level of cybersecurity education. “They need to be aware of certain risks and what to look out for, so that they are not introducing more vulnerabilities into the system while simply trying to help in other ways.”

Simple safeguards to reduce risk can include employee cybersecurity training, including work laptop safety and safeguarding sensitive information, and cyber liability policies that address cyber incidents, according to the paper.