Nursing homes and senior living communities, and their residents, are often vulnerable to cyberattacks, such as data breaches that compromise personal and medical information and bad actors stealing passwords to commit fraud. The reason in many cases? Human error. Cybersecurity company NordLayer last week shared the results of its research on the reasons behind these vulnerabilities.

Cyber criminals prey on the healthcare industry because of its sensitive and expensive data and lack of network security, NordLayer said. Most breaches are caused by hacking, while human error accounts for 20%.

Nursing homes, in particular, often are the target of cyberattacks, with cyber criminals targeting third-party vendors or facilities to get access to resident, patient and employee data for use in fraud or identity theft schemes. Global cyberattacks against the healthcare industry are up 74% from last year, Brian Schnese, assistant vice president and risk consultant at Hub International, told McKnight's Long-Term Care News in April.

“Data breaches happen because of human error, weak passwords, or unintentional actions by employees that may result in allowing a security breach to take place or spreading it,” Carlos Salas, NordLayer’s head of platform engineering, said in a statement. “Usually, these actions include someone clicking on suspicious emails without thinking. Physical theft is also common. For example, a curious person may plug an unattended USB drive into a computer that stores critical information, and hackers can then easily access a company’s confidential files.”

To help prevent human error, the Department of Health and Human Services launched new tools last week to help nursing homes curb cyberattacks. Those tools included a platform to educate staff on social engineering, ransomware, loss or theft of equipment or data, insider accidental or malicious data loss, and attacks against network-connected medical devices.

Health Industry Cybersecurity Practices 2023, a manual by HHS for the healthcare industry updated this year, covers ways to mitigate cyber threats and keep residents and patients safe. New information is included on social engineering attacks, which try to get people to reveal information, such as passwords, that can then be used to attack a network.

Protecting resident data

Salas’ tips on protecting resident data include using verified cybersecurity software, installing it on every connected device and securing the network, updating software regularly, training staff on cybersecurity and strengthening system access controls. 

He also suggests conducting regular risk assessments to identify weaknesses in any provider systems.