Some of the most commonly used technologies in home care also are among the easiest for criminals to exploit. To make sure data do not fall into the wrong hands, providers need to stay current on the latest cybersecurity practices, according to a new report by product evaluation and safety firm ECRI.
Remote access systems include any technology that allows users to connect to and access a computer, server or network remotely. Within home care, these systems could be tools such as remote patient monitoring devices, secure messaging apps, telehealth platforms, cloud-based applications or systems that allow users to remotely access patient data, according to the Department of Health and Human Services. And although those technologies bring efficiency, they also can expose providers and their patients to risk.
“Healthcare has been transformed by the introduction of remote access technologies — particularly in home care, where it is crucial to have accurate real-time data and input to improve member care, access specialized expertise and facilitate timely interventions,” Stephen Vaccaro, president of home care management solutions firm HHAeXchange, said in an email to McKnight’s. “However, increased connectivity can bring cybersecurity challenges that necessitate proactive protective measures.”
In recent months, ransomware groups increasingly have targeted healthcare organizations’ remote access systems, the ECRI report noted. Those systems often are a “point of initial compromise,” and from there, bad actors can exercise significant control over an organization’s most important processes.
The most high-profile cybersecurity breach of late is the February cyberattack on Change Healthcare, a UnitedHealth Group subsidiary that connects healthcare providers with insurance organizations.
Best practices
Given remote access systems’ extensive use by home care providers, it’s essential to follow best cybersecurity practices to keep important data safe, explained Chris Thomas, chief revenue officer of healthcare cybersecurity firm AlgoSec.
“Caregivers are consistently working in remote environments; connecting to networks via their mobile devices from different locations and accessing sensitive data via cloud-based applications; leaving systems open to vulnerabilities if there are gaps in security policies,” Thomas told McKnight’s. “Adopting a zero-trust approach — along with multifactor authentication — is essential to protecting networks and data.”
A zero-trust approach involves cybersecurity procedures that prevent any unauthorized access to data. Caregivers play a critical role maintaining this security, according to Vaccaro.
“Home care agencies should exercise control and visibility when granting credentials and permissions,” Vaccaro said. “Users should be provided access only to the patient information relevant to their jobs. To ensure that access rights are granted according to current policies and removed when no longer required, agencies may consider automating processes governing access control and compliance.”
This article originally appeared on McKnights Home Care
