Joint guidance issued by the American Medical Association (AMA) and the American Hospital Association (AHA) can help physicians and other healthcare providers mitigate cybersecurity threats while working remotely during the COVID-19 pandemic. According to a resource developed by the two associations, there are “increased security threats to medical data due to the pandemic,” and cyber criminals are taking advantage of a remote work force and the surge in telemedicine.
The AMA and AHA say cyberattacks can disrupt medical practices and hospitals and impact patients’ safety and well-being, making it essential to implement protections for personal computers, mobile devices (like phones and tablets) and home networks. Their recommendations address risks specific to each of these technologies and include:
- use of Virtual Private Networks or cloud-based service with strong authentications and frequently updated security patches and secure backups with offline segmented backup copies of data, different media types and cloud-based backup on personal computers;
- installation of up-to-date versions of operating system software on iPhones/iPads and Android devices and the use of federal government recommended apps and services for telemedicine services; and
- use of firewalls and strong password protection for home wireless networks.
In addition, the AMA and AHA alert physicians to the heightened risks associated with technology used by healthcare organizations on-site, stressing the importance of maintaining what it calls “cybersecurity hygiene” and paying specific attention to vulnerabilities in medical devices.
Within the AMA/AHA warnings are reminders of several best practices for boosting cybersecurity, whether at home or in the office, such as ensuring all users understand how to protect against:
- e-mail phishing (such as links, attachments, downloadable files and installation of new programs, which can appear like “reputable information from trusted sources”) and
- ransomware, which is typically embedded in e-mails with an attachment or link and can encrypt or lock data until a demand is paid.
MLMIC encourages all insured physicians, other healthcare providers and facilities to remain vigilant in the use of electronic devices and offers a number of resources that can help policyholders mitigate cybersecurity threats:
- Mitigating Cybersecurity Threats During the COVID-19 Pandemic, a blog post on the increased risk of cyberattacks during the COVID-19 emergency;
- New Cybersecurity Protocol for New York State Healthcare Organizations, a blog post on New York State cybersecurity protocols for safeguarding private information;
- As Top Targets for Hackers, Healthcare Organizations Must Remain Vigilant in Protecting PHI, a blog post to help policyholders mitigate risk of a data breach; and
- Security of Patient Information and Health Information Technology, a risk management tip for maintaining the security of computers and other electronic devices in medical offices and hospitals.