OR Manager August 2023 - 18
Technology
Takeaways
* Patient data & safety are at risk: 94% of hospitals have experienced at least one cyberattack.
* Less than half of hospitals in the US carry cybersecurity insurance.
* Security is a two-part strategy: cybersecurity insurance as well as preventative measures (eg, encrypted backups,
patches, and training).
Cybersecurity, Belli
Continued from page 1
which operates 400 facilities, resulted
in a $67 million loss in 2021.
These are just a few of the cyberattacks
that have left hospitals and
health systems reeling. The majority
of healthcare organizations-around
94%-have experienced at least one
cyberattack, according to a 2020 article
in the Journal of Healthcare Risk Management,
which noted that 150 million
protected health records were breached
between 2009 and 2014. In 2019,
there was a 70% increase in breaches
compared to the 6-year average.
Rural hospitals are particularly vulnerable
because of lack of resources.
According to a May 2022 Guidehouse
report, some 25% of rural hospitals in
the US are at a high risk of closing because
of financial strains, yet 82% are
considered " highly essential to their
communities. " According to a report
from the University of North Carolina at
Chapel Hill, 149 rural hospitals have
closed or been converted to Rural Emergency
Hospitals offering minimal services
since 2010.
Another area of vulnerability is patient
records. Electronic health record
(EHR) data is highly valuable to cyber
criminals, drawing 10 to 100 times
the value of credit card information on
the black market, according to an April
2020 review in the Journal of Medical
Systems.
The combination of valuable patient
data and the time pressure of hospital
operations makes them a prime target,
says Soumitra Bhuyan, PhD, MPH,
associate professor at the Bloustein
School of Planning and Public Policy
at Rutgers University, New Brunswick,
18
OR Manager | August 2023
New Jersey, and one
of the review authors.
" If you hijack a surgeon
doing surgery, or doctors
in the ICU can't get
access to the system-
what will the hospital
do? Criminals understand
the time aspect
and take advantage of
Soumitra
Bhuyan,
PhD, MPH
it. It's life and death for the patient. "
The solution is two-fold, say experts:
implementing cybersecurity insurance
and putting in place a comprehensive
security plan that allows for strong preventative
measures.
Where vulnerabilities arise
" There's a combination
of bad conditions that
in aggregate make hospitals
good targets, "
says Michael Hamilton,
former chief information
security officer for the
city of Seattle and cofounder
of security firm
hospitals and healthcare
systems responding
to the COVID-19
pandemic, " says Lisa
Pino, director of the Office
for Civil Rights at
the Depar tment
Health and Human Services
(HHS). " More than one healthcare
provider has been forced to cancel surgeries,
radiology exams, and other services
because their systems, software,
and/or networks were disabled. "
Though costs continue to rise
sharply for hospitals, including for labor,
drugs, and supplies, reimbursements
from Medicare and Medicaid have not
Michael
Hamilton
Critical Insights. " Hospitals are willing
to pay an extortion demand to get back
in working order, and they are so financially
crushed because of the healthcare
system that they can't prioritize
spending [on cybersecurity]. There are
other sectors like that-local government
and manufacturing-that still have
a 20th century attitude toward risk management, "
he adds.
Elective surgical procedures represent
a significant source of revenue for
hospitals, but the COVID-19 pandemic
caused many to delay or avoid them,
leading to a collective national revenue
loss of more than $22 billion, according
to a May 2021 Annals of Surgery
article.
" Cybercriminals took advantage of
kept pace. Hospitals experienced a
-8.5% margin on Medicare services in
2020, and -9% in 2022, according to a
May 2022 American Hospital Association
report. Underpayments from Medicare
and Medicaid to hospitals were
$100 billion in 2020, up from $76 billion
in 2019.
" Healthcare systems are struggling, "
says Bhuyan. " When they struggle, each
department gets affected, including the
IT side. Sometimes leadership doesn't
see IT as an investment but as a cost
center and struggles with qualified HR
on that side. " Rural hospitals, in particular,
struggle to find people to help
them secure their systems because
they need resources they do not have to
beef up protection, making them vulnerable
to attacks, he adds.
In addition to hospitals lacking resources,
the increasing number of devices
in hospitals provide prime opportunities
for cyberattacks. In the US, there
are 10 to 15 connected devices per
hospital bed, according to an October
2020 article in the Journal of Health
Risk Management. And patients often
access their medical records on their
www.ormanager.com
of
Lisa Pino
http://www.ormanager.com
OR Manager August 2023
Table of Contents for the Digital Edition of OR Manager August 2023
OR Manager August 2023 - 1
OR Manager August 2023 - 2
OR Manager August 2023 - 3
OR Manager August 2023 - 4
OR Manager August 2023 - 5
OR Manager August 2023 - 6
OR Manager August 2023 - 7
OR Manager August 2023 - 8
OR Manager August 2023 - 9
OR Manager August 2023 - 10
OR Manager August 2023 - 11
OR Manager August 2023 - 12
OR Manager August 2023 - 13
OR Manager August 2023 - 14
OR Manager August 2023 - 15
OR Manager August 2023 - 16
OR Manager August 2023 - 17
OR Manager August 2023 - 18
OR Manager August 2023 - 19
OR Manager August 2023 - 20
OR Manager August 2023 - 21
OR Manager August 2023 - 22
OR Manager August 2023 - 23
OR Manager August 2023 - 24
OR Manager August 2023 - 25
OR Manager August 2023 - 26
OR Manager August 2023 - 27
OR Manager August 2023 - 28
OR Manager August 2023 - 29
OR Manager August 2023 - 30
OR Manager August 2023 - 31
OR Manager August 2023 - 32
https://www.nxtbook.com/accessintelligence/ORManager/orm_jan_feb-2025
https://www.nxtbook.com/accessintelligence/ORManager/orm_november-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_asc_october-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_october-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_september-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_august-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_july-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_june-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_may-2024
https://www.nxtbook.com/accessintelligence/ORManager/ormc_brochure_march-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_april-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_asc_march-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_march-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_february-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_january-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_november-2023
https://www.nxtbook.com/accessintelligence/ORManager/orm_october-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2023
https://www.nxtbook.com/accessintelligence/ORManager/ormc-brochure-march-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2023
https://www.nxtbook.com/accessintelligence/ORManager/orm-february-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-november-december-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2022
https://www.nxtbook.com/accessintelligence/ORManager/ormc-brochure-may-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-november-december-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-April-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-december-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-december-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-november-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-december-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-november-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2018
https://www.nxtbookmedia.com