Human errors with IT are a serious issue affecting the healthcare sector around the world.Without reliable, robust systems and software in place, mistakes can be made and patient safety and outcomes can be compromised.
Staff ignorant to cybersecurity risks, out of date software, software systems not being used properly, outdated health IT infrastructure and even reluctance by some healthcare organizations to fully embrace digital technology means can result in a number of negative outcomes. As well as compromising the health, safety and even lives of patients, hospitals and healthcare organizations can also suffer financial losses and be at risk of fines, penalties and civil litigation as a result of failing to keep confidential data secure. There’s also the issue of representational damage, and a loss of trust from patients or potential patients.
Any error, including cyber attacks, that leads to downtime in IT and healthcare is costly. When staff can’t access patient records or test results, admit new patients or properly discharge existing ones it creates a safety risk and has a lot of costs associated with it.
A Ponemon Institute study found that in terms of total costs of unplanned outages, healthcare ranked third across 15 different industries. It estimated that outages cost healthcare organizations somewhere in the order of $690,000 per outage incident.
As the world has seen from numerous ransomware attacks that have hit the healthcare sector particularly hard over the last few years, hospitals and healthcare organizations can quickly be rendered incapacitated if employees don’t know how to properly identify external threats. Hospital administrators end up spending time and resources dealing with mopping up these threats that could be better spent elsewhere: mainly on patients.
In the United Kingdom alone, the WannaCry attack is estimated to have cost the NHS £92 million and lead to the cancellation of 19,000 patient appointments, including surgeries.
It was revealed that the NHS was using outdated IT systems – including a 17-year-old operating system, Windows XP, that left them extremely vulnerable to attacks.
Research by Recorded Future into healthcare ransomware statistics found that around 4.5 million patient records have been compromised as a result of ransomware related security breaches.
Even after an attack, there are still issues. Researchers from Vanderbilt University have found hospitals that have been affected by ransomware or other data breaches are more likely to have higher death rates among heart attack patients.
According to software security vendor Malwarebytes, healthcare is the seventh most targeted industry in the world in terms of cybercrime.
In 2019, healthcare organizations’ threat detections increased by 60% compared to 2018. The United States Department of Health and Human Services estimates there’s been an average of 4000 ransomware attacks every day since 2016.
This issue isn’t going away.
How health IT can help to overcome these issues
Many of the major healthcare data breaches we’ve seen in recent years have quite catastrophic for the organizations involved – but could have been avoided entirely. They were the product of either employee negligence, ignorance or other basic mistakes.
IT has an important role to play in the health sector to reduce mistakes and make it easier for healthcare professionals to care for patients and deliver successful outcomes. Invest in new software solutins that will help you to arm your people with the knowledge to overcome a range of issues that could affect you healthcare organization.
1. Abandon or upgrade outdated systems
Antiquated infrastructure like pagers and fax machines are still in use in many facilities. Paper-based file systems are also used in many organizations that still haven’t switched to electronic patient records. These might co-exist with IT systems, and make record-keeping and information sharing a nightmare, which can lead to errors. Paper-based records are also harder to keep secure.
Out-of-date software systems, mentioned above with the WannaCry example in the UK, leave hospitals and healthcare organizations vulnerable to attack.
2. Rethink your awareness and training approach
If ransomware attacks are able to keep hitting hospitals hard every year, even after the enormous publicity it has received in the media and presumably internal information campaigns that healthcare providers have rolled out to their employees as a result, something is not working if people keep opening suspicious attachments or clicking on malicious links.
Building a culture of cybersecurity within your organization is the only way to cut through and change these attitudes. You can’t just rely on traditional training methods.
Cyber security should be second nature to your employees in the same way they know how to control biological infections. Digital billboards can help to deliver this information to your employees ongoing with eye-catching screen displays in break rooms and other areas where employees will see the messages.
Regularly quizzing your employees, for example, can help you do understand what their levels of knowledge are and you can tailor solutions to these results.
Health IT has a role to play in providing platforms for education and training, including sending reminders, updates and refresher information. Quizzes can be sent to employees to determine how well they have retained information, and your HR and training employees can then develop strategies to fill any knowledge gaps.
3. Find more effective and efficient ways to communicate
When there’s an issue that could affect patient safety or your IT and healthcare systems, letting your employees know quickly is important. If you’re relying on email for this, think again. Many employees in the healthcare sector don’t have time to check their inboxes every day and lots of information is missed, or seen when it is too late to take action.
Try sending pop-up alert notifications to all computer screens within an organization. You can inform employees about absolutely anything that’s urgent: whether it’s a new computer virus that’s threatening the healthcare sector, critical issues with equipment, or surges in patient numbers due to disasters you can use an alerting system to quickly let affected employees know, and tell them the steps that they need to take.
Protect your systems to stop malicious attacks - send full screen alerts when there is a known threat and lock computers so that employees are unable to use them.
Thinking outside the box and adopting new, innovative, digitally-driven tools to overcome common issues could save your organization a fortune in the long-run, and also save the lives of your patients.