When your cybersecurity is compromised, it can be irritating, expensive, embarrassing and incredibly problematic. But can it really become a matter of life and death?
As more medical appointments unfold virtually and patient data is transmitted or exchanged electronically, threats and mishaps are spiking in their scope and intensity; and it’s even more critical for our clients and their associates to remain proactive. In September, a crippling ransomware attack of a hospital in Germany led to a patient’s death by compromising and delaying the emergency treatment she needed. “The hackers did not realize that they had infected a hospital and actually tried to undo the ransom for free, but it was too late to save the patient,” says my colleague Alan Winchester, the leader of our Cybersecurity Protection and Response practice group.
While this example is extreme, it lays bare the risks for health systems, as well as for their business associates who may need access to sensitive or confidential information. All parties involved need to adhere to the highest standards of HIPAA compliance when it comes to protecting health and personally identifiable information. Even when these standards result in minor inconvenience – such as extra layers of passwords or decryption issues – they’re even more critical in this fraught and sensitive time. This series will explore the best practices that have emerged in the current landscape of cybersecurity and remote working.