OR Manager - July 2018 - 30

AMBULATORY
SURGERY CENTERS
Continued from page 29
What would the FBI do?
arms for patient safety. In the same
vein, the cybersecurity task force hoped
its report would galvanize both the public
and private sectors to comprehensively
address cybersecurity challenges
to protect patients, Meadows says.
Although the response was not as
immediate as that seen after the IOM
report, a quiet momentum has been
building during the last year, particularly
in the Food and Drug Administration and
the Department of Health and Human
Services (HHS), Meadows says.
These agencies are looking at some
of the cybersecurity report's recommendations,
such as how new medical
devices can be built so they can be
patched and updated once in use. Private
individuals have also formed committees
to look for practical ways to implement
the report's recommendations.
" I think the action is picking up, and
we will be seeing more reports, " Meadows
says.
Building a secure system
Although even the most highly secured
computer systems are still vulnerable
to attacks, that does not mean healthcare
administrators should just throw
up their hands and ignore the problem,
Nussbaum says.
Cybersecurity is often considered to
be less important in small healthcare
organizations than in large ones. However,
smaller organizations, such as
ASCs, may face even greater challenges
and can be more vulnerable to attack
because they typically have:
* an inability to devote time to monitoring
security and patching systems
* budget limitations
* an overall less secure environment
* less technical security expertise.
Budget restrictions can hold healthcare
administrators back from spending
more on something intangible but necessary,
like cybersecurity, than on staff
providing direct patient care. The challenge
is convincing them of the need.
30
OR Manager | July 2018
The most frequent attacks on healthcare
networks are for personally identifiable
information, or PII, and personal healthcare
information, or PHI, says Timothy
Russell, supervisory special agent with
the Federal Bureau of Investigation (FBI).
The hacking tools used to steal PII and
PHI are readily available on the Darkweb.
" I could launch an attack in 30 minutes, "
says Russell, supervisor of the Boston
Criminal Cyber Squad, which covers Massachusetts,
Maine, New Hampshire, and
Rhode Island. His squad's responsibility
includes responding to cyber incidents to
the healthcare industry.
Ransomware attacks are one of the
most frequent types of attacks investigated
by the FBI, according to Russell.
Ransomware attacks occur when malicious
actors successfully introduce malware
into a computer system.
This usually happens when someone
inadvertently clicks on a link or attachment
that looks legitimate. The malware
then encrypts the critical files on that
system and makes the decryption inaccessible
to system users unless a specified
ransom is paid to get the key to
decrypt the files.
Here are the FBI's tips to protect
computers from ransomware.
➤ Make sure you have updated antivirus
software on your computer.
➤ Enable automated patches for your
The cybersecurity task force report
found that healthcare leaders who
have not experienced a serious breach
or loss of data often do not see the
value of cybersecurity expenditures.
Many security professionals say it is
difficult to convince leaders about the
importance of cybersecurity and being
proactive, which can in the long run
limit possible patient harm, according
to the 2017 report.
" It's really difficult
to find a balance, "
Meadows says. " But there are
operating system and web browser.
➤ Have strong passwords, and don't use
the same passwords for everything.
➤ Use a pop-up blocker.
➤ Only download software-especially free
software-from sites you know and trust
(malware can also come in downloadable
games, file-sharing programs, and
customized toolbars).
➤ Don't open attachments in unsolicited
e-mails, even if they come from people
in your contact list, and never click on a
URL contained in an unsolicited e-mail,
even if you think it looks safe. Instead,
close the e-mail and go to the organization's
website directly.
➤ Use the same precautions on your mobile
phone as you would on your computer
when using the Internet.
➤ To prevent the loss of essential files
caused by a ransomware infection,
it's recommended that individuals and
businesses always conduct regular system
backups and store the backed-up
data offline.
The FBI does not recommend paying
hackers for the decryption key if an organization's
computer system is successfully
breached by ransomware. There is no
guarantee the key will be provided or that
it will work, Russell says.
The FBI is aware of over 67 different
variants of ransomware and is investigating
a number of them.
many steps that can be done for little
or no money to increase a system's
cybersecurity defenses. "
Indeed, the two most important
steps ASC leaders can take are educating
all employees about cybersecurity
and conducting a cybersecurity risk
assessment. At least then they will
recognize risks, prioritize them, and
hopefully start taking additional security
measures, Meadows says.
The challenge in educating ASC
staff is making cybersecurity relevant
www.ormanager.com
http://www.ormanager.com
OR Manager - July 2018

Table of Contents for the Digital Edition of OR Manager - July 2018
