Even before COVID-19, more people than ever were working remotely. In 2019, 43% of Americans worked from home occasionally while just over 5% did so full-time. In healthcare, remote work has gained steam in the past several years, and organizations have adopted new best practices and technologies to maintain HIPAA compliance.
Last month, a major obstacle to large scale remote healthcare work was removed when restrictions on telemedicine were temporarily lifted. Though it’s difficult to predict precisely what a post-coronavirus world will look like, it seems as though remote work in healthcare is here to stay.
Where we work has changed, but the genuine threat of cyber crime remains the same. Hackers can and do target remote workers. In fact, they’re amping up their tactics in light of COVID-19. Healthcare professionals are particularly vulnerable to cyber attacks because of the types of data their devices contain.
Let’s look at threats they face and how to protect remote healthcare work below.
Why healthcare work needs precautions
It’s easy to take for granted the security measures already established in a healthcare organization. Similar to the business world, most hospital systems have firewalls, network protection, identity management, and other tools in place.
Despite this, healthcare systems are often hacked anyway. Patient records are considered valuable by hackers, as they include protected health information (PHI) and personally identifiable details like Social Security numbers addresses, birthdates, and much more. In short, health organizations have everything a hacker needs to steal someone’s identity.
When shifting to a remote work environment, some of these protections vanish if not properly – and carefully – accommodated. Even if you connect to a secure hospital server, for example, your connection itself may be vulnerable to attack. And this is just the beginning.
Fortunately, as with our own health, an ounce of prevention can go a long way.
1. Device management
Device management means ensuring the safety of smartphones, laptops, tablets, and other electronics used in steps such as:
- using authentication like passwords, PIN codes, or biometrics to unlock devices
- turning on authentication every time a device is closed or inactive for 5 minutes or less
- never leaving devices unattended
- enabling theft/loss prevention apps that allow tracking of devices
Here’s why it’s a good idea. Lost laptops and other devices not only represent a threat to patient and employee records but also increase organizational liability to lawsuits. In different incidents, hospitals around the country have had to pay settlements in the millions after unprotected devices were stolen.
2. Encryption
Encryption is the process of turning data into indecipherable code. The only way to access it is with a key (usually a password).
With the use of strong encryption, it makes it nearly impossible for even the most skilled hackers to get their hands on your data.
Encryption is essential everywhere. The first place those working remote should implement it is their internet connections by using a VPN. A VPN is a virtual private network. It not only encrypts connections but also anonymizes them. This means internet activity cannot easily be traced back to devices.
VPNs provide blanket coverage that makes any internet usage, including connecting to work servers, much more secure. When there is a need to access PHI, it’s important to do so through a VPN.
From here, files can be secured with file encryption software to block any type of unauthorized access to confidential data.
Finally, adding encryption can keep your passwords safe through a password manager. Password managers allow you to securely create, manage, and store complex passwords, immensely enhancing the safety of your login credentials. All that’s needed is to remember one password, and they’ll take care of the rest.
3. Protection from email threats
94% of all malware is delivered via email. Opportunistic hackers have taken advantage of the conditions COVID-19 has created to further infiltrate the devices of healthcare workers through phishing attacks.
Phishing attacks lure unsuspecting victims into clicking on links or attachments that look legitimate but contain viruses and malware.
COVID-19 phishing scams may include:
- links to heat maps showing infection rates
- links to fake government, state, or other agency websites that look real
- warnings to download specific files related to COVID-19
- .EXE or other installation files
Phishing emails should be reported to email providers and healthcare organizations right away.
How to protect remote healthcare work
Cyber hygiene is a set of best practices to protect data and devices. It involves device management, encryption, and learning how to recognize threats.
Let’s take a look at this cyber hygiene checklist on how to best protect remote healthcare work:
- Secure all accounts with unique, complex passwords.
- Use 2-factor authentication and other account security tools.
- Lock all devices with passcodes and enable theft/loss prevention apps.
- Protect the internet connection with a VPN.
- Scan all files and links before clicking on them.
- Encrypt all data both locally and in cloud storage.
- Follow and enforce security rules with coworkers, employees, and staff.
- Back up data often.
- Watch out for suspicious emails and websites.
- Protect both professional and personal devices.
By putting essential, cutting edge cybersecurity strategies into action, organizations can comply with security standards, safeguard valuable patient information, and provide those who work remote with the resources needed to perform and protect.
We’re here to empower
The team here at Harmony Healthcare can provide highly specialized solutions and expertise that work for hospitals and health systems, physician practices, strategic alliances, healthcare payers, and government organizations.
Learn more here.
Subscribe to our monthly newsletter here.
Find us on Facebook here.
Join our LinkedIn community here.