Healthcare is a prime target for cybercriminals, with attacks reaching all-time highs. Many of these breaches are avoidable with the proper security measures.
There’s a growing responsibility that healthcare providers can’t afford to ignore if they want to completely protect their patients — and protect themselves from liability. We’re talking about strong WiFi security, and it’s one of the most pressing issues facing healthcare today.
Healthcare providers must treat cybersecurity with the same diligence they show the human body because cybercrime is a sickness that’s spreading. Here’s what health professionals are up against, and their responsibilities in preventing WiFi threats.
The current state of healthcare cybersecurity
Cyberattacks have climbed year on year, and 2019 is already the worst on record. A recent report from the US Department of Health and Human Services (HHS) Office for Civil Rights showed that in the first half of this year there were more breached healthcare records than the previous three years combined. Hundreds of records were compromised, exposing and exploiting the Protected Health Information (PHI) of millions of people.
The hackers are out in force, but hospitals, clinics and their associated partners are facing major security risks from inside, as well. HHS also highlighted a report that found trusted insiders were at fault for 59% of all security incidents and breaches either deliberately or by oversight. Those who did so deliberately faced federal charges for exploiting patients by selling their PHI and filing fraudulent tax returns.
The “connected” hospital or clinic is the model of future medical care (the wireless medical market is set to hit $110 billion by 2020) and WiFi is the backbone of it all. It’s vital that healthcare providers and their partners have WiFi that’s HIPAA compliant.
WiFi and HIPAA security
The HIPAA Security Rule applies to all entities involved in the storage or transmission of PHI, whether that’s directly as a healthcare provider or in an associated capacity. Technical measures must be taken to ensure that data is kept safe, confidential and available around the clock to those authorized to access it.
Authorization is a key concept. WiFi access should be strictly password protected — remember that more than half of healthcare security breaches are caused by so-called trusted parties. HIPAA further recommends that anyone with password access receive password awareness training and be assigned a Unique User Identifier. This identifier keeps direct tabs on that individual to monitor their activity on the WiFi network.
Administratively, every healthcare facility should maintain access logs using a WLAN solution with central management to keep passwords in a single system. Safe, offsite storage of PHI is also recommended as a proactive step against a WiFi breach. This way, if hackers succeed in corrupting or disabling a database, it can be replaced.
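As an added example (not part of the original article), here is one way to review a centrally collected WLAN access log for the Unique User Identifier controls described above. The key=value log layout, the SSID names, the thresholds and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines; the key=value layout is an assumption, not a vendor format.
SAMPLE_LOG = """\
2019-08-01T09:02:11 ssid=Clinic-Staff user=u1042 mac=02:00:00:00:00:01 result=accept
2019-08-01T09:05:40 ssid=Clinic-Staff user=u1042 mac=02:00:00:00:00:02 result=accept
2019-08-01T09:06:03 ssid=Clinic-Staff user=u1042 mac=02:00:00:00:00:03 result=accept
2019-08-01T09:10:27 ssid=Clinic-Staff user=- mac=02:00:00:00:00:04 result=accept
2019-08-01T09:11:00 ssid=Clinic-Staff user=u2077 mac=02:00:00:00:00:05 result=reject
2019-08-01T09:11:05 ssid=Clinic-Staff user=u2077 mac=02:00:00:00:00:05 result=reject
2019-08-01T09:11:09 ssid=Clinic-Staff user=u2077 mac=02:00:00:00:00:05 result=reject
2019-08-01T09:12:30 ssid=Clinic-Guest user=- mac=02:00:00:00:00:06 result=accept
this line is malformed and must be skipped
"""

LINE = re.compile(r"^(?P<ts>\S+) ssid=(?P<ssid>\S+) user=(?P<user>\S+) "
                  r"mac=(?P<mac>\S+) result=(?P<result>accept|reject)$")

def review_access_log(text, phi_ssids, max_devices=2, max_rejects=3):
    """Return sorted (alert, subject) pairs for SSIDs that carry PHI."""
    macs = defaultdict(set)      # identifier -> devices it logged in from
    rejects = defaultdict(int)   # identifier -> failed attempts
    alerts = set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["ssid"] not in phi_ssids:
            continue  # skip malformed lines and public/guest traffic
        user = m["user"]
        if user == "-":
            # Access that cannot be tied to an individual defeats per-user monitoring.
            alerts.add(("no-identifier", m["mac"]))
        elif m["result"] == "accept":
            macs[user].add(m["mac"])
        else:
            rejects[user] += 1
    # One identifier on many devices suggests a shared password.
    alerts |= {("shared-identifier", u) for u, d in macs.items() if len(d) > max_devices}
    alerts |= {("repeated-reject", u) for u, n in rejects.items() if n >= max_rejects}
    return sorted(alerts)
```
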
The big technical problem with healthcare WiFi is that everyone uses it: staff, patients and visitors. Any one of those could bring a compromised device onto the premises and infect a network. The most effective healthcare WiFi configurations will have encryption as standard; WPA2-PSK is typically considered the most secure.
Facilities should draw a line between public usage and traffic that touches PHI by employing separate VLAN IDs and SSIDs to more securely partition their WiFi. This is also called RBAC, or Role Based Access Control, and goes a long way toward ensuring HIPAA data compliance.
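The following added example (not from the original article) audits a WLAN plan for the separation described above: every SSID encrypted, no VLAN shared between public and PHI traffic, and no firewall rule letting a public VLAN reach a PHI VLAN. The inventory format, SSID names, VLAN numbers and the set of accepted encryption labels are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: labels the inventory uses for WPA2-or-newer modes.
ACCEPTED_ENCRYPTION = {"WPA2-PSK", "WPA2-Enterprise", "WPA3-SAE", "WPA3-Enterprise"}

# Constructed sample plans: a weak layout and its corrected form.
WEAK_PLAN = [
    {"ssid": "Clinic-Guest", "vlan_id": 10, "encryption": "open", "carries_phi": False},
    {"ssid": "Clinic-Staff", "vlan_id": 10, "encryption": "WPA2-PSK", "carries_phi": True},
    {"ssid": "Clinic-Kiosk", "vlan_id": 40, "encryption": "WPA2-PSK", "carries_phi": False},
]
WEAK_ALLOWS = {(40, 10)}   # (source VLAN, destination VLAN) pairs the firewall permits
FIXED_PLAN = [
    {"ssid": "Clinic-Guest", "vlan_id": 10, "encryption": "WPA2-PSK", "carries_phi": False},
    {"ssid": "Clinic-Staff", "vlan_id": 20, "encryption": "WPA2-PSK", "carries_phi": True},
    {"ssid": "Clinic-Kiosk", "vlan_id": 40, "encryption": "WPA2-PSK", "carries_phi": False},
]
FIXED_ALLOWS = set()

def audit_wlan(ssids, inter_vlan_allows):
    """Return a sorted list of findings for a WLAN plan."""
    findings = []
    by_vlan = defaultdict(list)
    for s in ssids:
        by_vlan[s["vlan_id"]].append(s)
        if s["encryption"] not in ACCEPTED_ENCRYPTION:
            findings.append(f"{s['ssid']}: encryption '{s['encryption']}' is not WPA2 or newer")
    phi_vlans = {s["vlan_id"] for s in ssids if s["carries_phi"]}
    for vlan, members in by_vlan.items():
        # A VLAN shared by PHI and non-PHI SSIDs gives no partition at all.
        if vlan in phi_vlans and any(not m["carries_phi"] for m in members):
            names = ", ".join(sorted(m["ssid"] for m in members))
            findings.append(f"VLAN {vlan}: PHI and non-PHI SSIDs share it ({names})")
    for src, dst in sorted(inter_vlan_allows):
        # Separate VLAN IDs do not help if routing lets public traffic reach PHI.
        if dst in phi_vlans and src not in phi_vlans:
            findings.append(f"firewall: VLAN {src} may reach PHI VLAN {dst}")
    return sorted(findings)
```
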
What healthcare providers are liable for
The best defense against liability is partnering with a knowledgeable WiFi and security provider to keep your facility’s security strategy proactive. Otherwise, financial losses due to compromised WiFi are significant. HIPAA assesses liability through a per-violation system built on 4 tiers:
- Tier 1: The covered entity did not know and could not reasonably have known about the breach. $100 to $50,000 per incident up to $1.5 million.
- Tier 2: The covered entity knew or by exercising reasonable diligence would have known of the violation, though they did not act with willful neglect. $1,000 to $50,000 per incident up to $1.5 million.
- Tier 3: The covered entity acted with willful neglect and corrected the problem within a 30-day time period. $10,000 to $50,000 per incident up to $1.5 million.
- Tier 4: The covered entity acted with willful neglect and failed to make a timely correction. $50,000 per incident up to $1.5 million.
The HHS website has more information on just how severe penalties can be for healthcare providers — massive fines that will only be compounded by patient litigation and loss of reputation.
The human cost if healthcare WiFi is compromised or disabled is tremendous. A breached record due to poor WiFi security can leave that patient open to identity theft, fraud or blackmail. Since WiFi will become the prime mover of on- and offsite communications between healthcare providers, it could truly be a matter of life or death if that communication takes place over an unsecured or aging network.
We recommend that healthcare providers take advantage of HIPAA’s security guidance resources and this risk assessment tool to see how their current security shapes up. From there, building the right WiFi security framework requires a professional team to assess the unique needs of your facility and staff.
How Unisol International can help
As award-winning providers of advanced technology solutions, our team offers WiFi and wireless networking components alongside cybersecurity, cloud backup and collaboration tools to help your team stay connected. We like to help clients build their projects from the ground up with a focus on their individual requirements.
We also offer affordable, world-class training and certification programs. Our wide portfolio of instructors is prepared for on-site and on-line courses ranging from basic electronic security, networking and audio/video classes to advanced configuration and vendor-specific studies.
We take pride in helping our customers make a smooth transition into an increasingly digital world.