Digital Transformation In Healthcare: Efficiency Vs. Risk

Healthcare providers have begun to use the growing number of digital technologies to optimize their operations, support their patients, and improve access to data. Currently available technologies include Electronic Health Records (EHRs), cloud-based scheduling solutions, telehealth applications, and integrated billing solutions, all of which improve operational efficiency and enhance the patient experience. However, the advancements and efficiencies that result from these technologies come with a corresponding increase in the potential for cyberattack.

In recent months, a number of larger-scale data breaches have occurred, including the Delta Dental of Virginia data breach, in which sensitive health information was posted online. These incidents indicate that as healthcare adopts digital technology, it must also adopt sufficient cybersecurity protocols. In the Delta Dental of Virginia breach, unauthorized access to emails and attachments resulted in the exposure of sensitive health information to the public, a distinct example of the risks associated with moving sensitive health information into a digital format.

In the past, the majority of healthcare information was maintained on paper or in isolated legacy systems, which made the information challenging to breach, and such breaches were infrequent. Digital transformation has given healthcare providers increased efficiency, but it has also added new avenues through which cybersecurity breaches can occur: integrated third-party vendors, web-based access tools, and remote access to health information all give cybercriminals additional points of access to sensitive data. In addition, many daily operational practices, such as emailing documents or sharing documents with external providers, increase the risk to the confidentiality of protected health information (PHI) and can lead to its inadvertent exposure.

Cyberattacks usually go undetected until unusual activity triggers an investigation. By the time an organization investigates, attackers have probably already stolen large amounts of sensitive data, affecting thousands of patients. These incidents can cause victims' identities to be stolen, lead to fraudulent claims, and harm patient trust.

Organizations in the healthcare sector must implement a comprehensive cybersecurity strategy to limit cybersecurity risks. Examples of what such a strategy includes are encrypted communication methods, strict control of access to data, multi-factor authentication, and regular security audits. It is equally important that organizations train their staff to recognize phishing attempts, securely handle and protect digital records, and report any suspicious activity. Partnering with cybersecurity experts as well as a compliant third-party vendor will help decrease a healthcare organization's exposure to cyberattack threats.

Digital systems will continue to play a vital role within the healthcare sector despite the risk of cyberattacks. The convenience of telemedicine, the use of data analytics, and the implementation of interoperable electronic health records allow for improvements in patient care and operational efficiency. However, the recent data breach at Delta Dental of Virginia is an example of why the ease of doing business digitally must not take precedence over the security of patient data. Healthcare organizations must take a proactive approach to protecting patient data by implementing technology such as antivirus software and firewalls and by creating a culture of cybersecurity awareness.