For years now, cyberattacks targeting local governments and organizations are making headlines. The most threatened, however, is the healthcare sector. With outdated technologies and a relatively low IT security literacy, medical workers are a perfect target for network and social hacks that result in expensive and embarrassing data breaches.

Every year, we get to hear terrible stories of security breaches in medical organizations. In 2016 the Hollywood Presbyterian Medical Center paid an equivalent of $17,000 ransom fee in bitcoin to retrieve their encrypted files. This attack got so much coverage that the medical center now has a section explaining the attack on its Wikipedia page.

The same year, MedStar Health was under a cybersecurity attack, and it had to turn away patients or treat them without important computer records.

Unfortunately, these two cases were just the beginning of ransomware attacks against healthcare data servers.

Attacks like these create confusion, disrupt patient services, and in 2019, have forced many healthcare providers to shut their doors permanently. Healthcare cybersecurity attacks across the world, such as the WannaCry ransomware attack, have only highlighted how quickly personal information can become compromised when technology is the weak link.

Why are legacy applications are a threat to healthcare cybersecurity?

Common Social-Hacking Threats Plaguing Healthcare Organizations

To effectively manage patient information, the healthcare industry needs to digitize the data and automate processes. Unfortunately, the problem in healthcare organizations is the high complacency with outdated technology and generally low IT literacy of medical staff.

Utilizing poorly managed legacy applications makes hospitals vulnerable to cyberattacks. Low IT security literacy of medical staff makes them an easy target for social hacking. These two issues are among the reasons hospitals face significant risks with potential high-impact consequences for both them and their patients.

Cyber attackers hit wherever systems are most vulnerable. This is usually the medical staff, who are concerned with customer service. Some common exploitation schemes include:

1. Email phishing: users are requested to click to open an email or website. Cyber attackers often send an email providing an infected link for the users to click on.
2. Usage of default passwords. Cyber attackers take advantage of weak passwords in cases where password strength has not been enforced.
3. Insecure configurations. Configurations with unintended security holes are obvious vulnerabilities which can be addressed through a combination of greater awareness and improved testing during system configuration.
4. Lack of essential network security. Very often, security takes a back seat to other priorities. Healthcare providers need to standardize practices around the network and data-access security and undertake proactive steps to monitor and ensure adherence.

Healthcare organizations that take serious steps to solve these issues will protect themselves from attacks that would otherwise probably be successful.

How Legacy Applications Pose a Threat for Healthcare Organizations

Although digital transformation is enabling greater patient engagement through the rise of Cloud Computing and the Internet of Things (IoT), it also contributes to a growing threat for potential cyberattacks. Increasing connectivity is a catalyst for exploits. This is especially true with legacy applications, where cybercriminals can exploit ‘back doors’ to compromise data centers of health organizations.

It is common for institutions to continue using legacy applications to store historical data that is not migrated to modern, more secure solutions. The driving force behind this practice is human and/or financial resource constraints, as well as unfamiliarity with modern technologies.

Adopting modern technologies to reduce exposure to vulnerabilities has become more important than ever as healthcare organizations have become top targets for cyber-criminals.

Below are some alarming statistics about healthcare cybersecurity threats in the US in the last couple of years:

• From 2009 to 2018, there have been 2,546 data breaches in the healthcare industry, impacting more than 189 million medical records

Source: HIPAA Journal

• In the last three years, 41% of the US population had their protected health information exposed.
• In the past two years, 89% of healthcare providers have undergone a data breach.
• According to HIAPA, in 2018 alone, 13,236,569 medical records were compromised.
• Data breaches cost healthcare organizations an average of $6.45 million per year.
• By 2021, there’s an expected loss of $6 trillion due to global cyber threats across industries.

According to these statistics, cybersecurity doesn’t seem to be effective, especially in healthcare organizations. Obviously, there’s plenty of room for improvement. Any hospital that continues to use legacy applications is simply inviting risk. The longer these vulnerable systems are in use, the greater the threat they are presenting. The infection can rapidly spread and affect mission-critical applications with catastrophic implications.

Modern ECM Systems: The End of Healthcare Cybersecurity Nightmares

One of the biggest concerns when thinking about the modernizing ECM systems is how secure your patient data will be, especially if it’s a cloud-based solution on a third-party server. Data security is the first concern for medical organizations which must comply with regulatory frameworks like HIPAA (Health Insurance Portability and Accountability Act) for secure data portability.

On-premise modern ECM solutions can be one option, but the organization will need to work with a trusted, reliable service provider. On-premise IT infrastructure will be the facility’s responsibility. If the equipment fails, healthcare organizations may lose all their data. If the equipment isn’t maintained and updated regularly, network breaches can happen again. If the data/server room isn’t secured properly, there’s the threat of physical access to data storage devices.

Cloud-based ECM systems solve the IT infrastructure problem and not only allow users to access data remotely, but include automated backups and disaster recovery options. Cloud solutions will leverage Platform as a Service deals with large technology companies like AWS.

Addressing the cybersecurity issue in healthcare organizations requires a multi-faceted approach. This can include everything from bare-metal infrastructure solutions, to server virtualization, data storage solutions, secure networks between systems, and secure yet user-friendly ECM interfaces. This also includes on-premise training for the integrated system and ECM.

With an all-encompassing approach, healthcare organizations can get drastic improvements in several key areas:

• ECM systems have advanced safeguard capabilities, particularly when it comes to data access. User roles and access levels are easy to set up, and digital signatures ensure that each employee’s login credentials are secure. Electronic signatures, audit trails, detailed activity logs, etc., help close as many security gaps as possible.
• Quick Recovery. Modern ECM systems deployed as hybrid solutions (on-premise and cloud integration) can be set up to run data backups in the cloud. Data stored on providers like AWS will be easily retrievable, making local data loss a non-issue. These data storage solutions will be usually HIPAA, FedRAMP, HITECH, etc. compliant.
• Collaboration & Communication. Since healthcare organizations are usually running multiple departments, collaboration and communication between the doctors and other staff across those departments are crucial.
  Using a cloud-based ECM system, healthcare providers can easily transfer data between each department using one interface for communication. A modern ECM system will allow for secure, easy, and fast access to documents. It will also allow for cross-department collaboration based on predetermined permissions and workflows, and so on.
• Scalable Data Storage. Healthcare organizations are working with electronic medical records and have numerous other devices generating data. Wearable monitors, MRI scans, X-ray scans, etc., all end up as digital documents shared and attributed to specific patients. This is a lot of different data that should be stored securely, on a platform that allows easy scalability.
  A modern ECM system that’s either cloud-based or uses a hybrid deployment will be built with scalability in mind. Expanding storage capacity on the Cloud, especially with AWS, is a non-issue.
• Instant Data Access & Searchability. When all of your data is on the Cloud, accessing it is much easier.

With Cloud-based ECM software, you can access data much faster and much easier. This means that anyone with given permissions can access patients’ data from anywhere in the world.

Modern ECM systems will usually have the ability to search for key phrases within the document texts as well as through the documents’ metadata. These systems enable medical workers to easily find any piece of data from anywhere in the world, via a secure connection.

Armedia, as an ECM solution Integrator,  can also help your healthcare organization with migrating data from any legacy system onto any new ECM system of your choosing. For fast, reliable and secure data migration, we built Caliente, an ECM data migration application that has enabled us to move petabytes of data at 100% data accuracy.  Using Caliente, our team can perform quick one-time data migrations from your legacy system.Additionally, if your healthcare organization struggles with paper-based patient files, with Ephesoft, we can help you achieve full digitization. Ephesoft’s capture solutions help large organizations increase data accessibility, organization, and data extraction from your paper-based documents.

For HIPAA and DoD-compliant data storage, we use Alfresco, and for a customized case management platform, we rely on ArkCase.

Summary

Threats to healthcare cybersecurity are real. Legacy applications leave healthcare organizations exposed to cyber-attacks. Ransomware attacks on healthcare organizations have led to an inability to access patient data, forcing hospitals to a fallback scenario of pen-and-paper patient management. To make things worse, these cyberattacks expose sensitive patient data and lead to substantial financial costs for healthcare organizations.

Considering all the issues legacy systems present, it is advisable to migrate patient data and daily operations to a modern, cloud-based ECM system.

Over the years, Armedia, as a platform agnostic ECM solutions integrator, has helped organizations migrate away from their legacy systems onto modern ECM solutions. Whether it was an on-premise, cloud or hybrid deployment, organizations benefited from our expertise in fast data migration at 100% reliability, every time.

So, what do you think about healthcare cybersecurity? Do you think a cloud-based ECM is the right solution against threats on healthcare cybersecurity? Will technology help us protect our data from prying eyes?

We’d love to hear your thoughts in the Comments section below. Or if you have specific ECM Modernization questions, please feel free to contact us.