Pinnacle EMS Quick Take: How to improve data security in EMS
Policies, training and cyber handwashing contribute to preventing malware attacks, phishing attempts and accidental data breaches
ORLANDO, Fla. — The security of protected health information is increasingly difficult for EMS organizations in a hyper-connected world. Tiffany Holman, MSHLP, director of privacy and corporate responsibility for AdventHealth, described types of malware and ransomware attacks; how organizations are vulnerable to an attack; and steps EMS leaders and paramedic chiefs need to take to protect data, respond to attack and recover from a data breach at the Pinnacle EMS conference.
Healthcare, local government and public safety agencies are a lucrative target for hackers. Most health information data breaches in recent years haven’t been the work of external actors. Instead, they have been caused primarily by mistakes or security lapses from within healthcare organizations. In a study of more than 1,100 breaches over eight years, more than half were triggered by internal negligence of hospitals, healthcare providers, insurers and other owners of patients’ protected health information (PHI).
Holman described an experience her organization had after a malware attack and data breach to illustrate the importance of policies, reporting to federal and state authorities, and the importance of forming and activating an incident response team. She also discussed the vulnerabilities present in the computers and mobile devices, personally owned devices, and medical devices EMS leaders and providers use every day.