Why LTPAC communities should worry about cyber security

Chris Lisser

Chris Lisser About The Author

June 12, 2018

Cybersecurity is a concern for everyone as this world becomes more and more connected, but it's of particular concern in the area of long-term post-acute care (LTPAC) for a number of reasons. Here are a few reasons why LTPAC communities should worry about online security, and what can be done for each.

Networked Devices

Due to the Internet of Things (IoT) being a major trend these days, the medical side of this trend is also on the rise. As a result, you have situations where there are medical devices connected to all manner of systems. In other words, people's pacemakers and heart monitors are connected to the Internet like never before.

This means that security vulnerabilities for these devices are of particular importance, especially when it comes to LTPAC scenarios, as the devices are going to be connected for a considerable amount of time, and they will be crucial to positive outcomes, or at least avoiding negative ones. In general, when someone hacks a system, they either simply make themselves a minor nuisance, or at worst take private data. While this is potentially dangerous, it's minor compared to what could happen if a virus or other attack finds its way into a device that is literally keeping an LTPAC resident alive.

Fortunately, it's possible to prevent these issues by making sure the firmware of such devices are continually updated, and all other security measures are followed.

Ransomware Attacks

The term "ransomware" refers to a cyber attack where the contents of a hard drive are encrypted so the rightful owner is then unable to access them. A message will then appear on the screen, stating that the files on the computer can no longer be accessed until such a time as money is deposited into the attacker's accounts, often though something anonymous such as bitcoin. This becomes a particular problem when the computers targeted are connected to health offices and LTPAC organizations.

The organization may not have the kind of money the attackers want, even if it decided to pay the ransom, which it never should. In the meantime, the data is locked and can't be used, which can be an enormous problem if the data is needed for medical purposes that could be crucial to maintaining positive health outcomes for long-term patients.

The way around this particular problem is largely through training and prevention. It's important to train your employees on cyber security threats so they don't click on any files coming from the outside without being sure of what those files are. You should also have systems and training in place to ensure your employees save critical documents to secure file locations that are backed up on a regular basis.

Older Systems

Patients and staff sometimes use older devices (laptops, desktops, kiosks, etc.) either due to convenience (it’s easier to use an established device and operating system that people are familiar with) or cost (newer devices cost real money in terms of hardware and sometimes in software licensing). As a result, people often continue to use these devices beyond their supportable life, meaning those devices and the software running on them are no longer being actively patched or updated.

Therefore, it could be the case that systems used by patients or staff are running operating systems like Windows XP still. And, while this operating system might be capable of performing its functions technically, the issue is that it's no longer supported. This means it's not getting security updates from Microsoft. This is highly dangerous from a security standpoint if you have important private data to protect. The reason for this is because new threats emerge to threaten operating systems daily, and the security updates are the only thing to protect from that. As a result, it’s critical to upgrade the operating system to a supported version.