January 03, 2017
In a newly released report, the Health and Human Services Office of the Inspector General estimates that roughly 60 percent of hospitals in the U.S. have experienced an EHR outage. Of that figure, 25 percent admit to the outage impacting or delaying patient care.
If this sounds like a troubling figure, consider the fact that most EHR disruptions last longer than eight hours. Hardware malfunctions, connection issues, power outages, and natural disasters cause the most common EHR outages. Although cyber attacks and hacking only account for one percent of EHR issues, it should also be noted that the data collected for the report came from 2014, before the meteoric rise of what is known as ransomware.
What Exactly is an EHR Outage?
Every hospital in America uses an EHR or Electronic Health Record to track and maintain relevant medical and administrative information for their patients. An outage is caused when the service is disrupted by any of the major issues listed above. Outages are dangerous because they prevent healthcare providers from accessing the pertinent information needed to treat their patients.
Information such as allergy medications, symptoms, insurance data, and more is often stored in an EHR, so when service is disrupted or information is hacked, it presents a serious issue that hospitals want to avoid at all costs.
What is Ransomware?
Prior to 2014, this term was relatively unknown. Since the Sony medical records hacking and Anthem hacking, ransomware is now at the forefront of every healthcare administrator’s mind. Ransomware is a malicious computer virus that blocks the user’s access to their files until a sum of money is paid to the hackers. This type of cyber attack is specifically dangerous because it often deals with private information.
How Can Hospitals Protect Themselves?
Since the OIG report was crafted from data before the rise of ransomware, it’s difficult to say what sort of changes we can expect from data collected in 2016 and beyond. What is known, however, is that even a one percent chance of experiencing an EHR disruption due to a ransomware cyber attack is too high. When we are dealing with personal and confidential information, it must be protected from hackers at all costs.
So how do hospitals help themselves from such attacks? For starters, a contingency plan must be in place to handle EHR disruptions. Luckily, reports show that about 95 percent of hospitals have contingency plans in effect in the case of a disruption. The HHS Office for Civil Rights is also in the process of auditing contingency plans to ensure they are effective.
It’s also recommended that hospitals continue to update and change their contingency plans to stay up-to-date with the most advanced security measures. Following the cybersecurity framework set by the National Institute of Safety and Standards is a good place to start as well as the Office of the National Coordinator’s SAFER Self-Assessment practices.
By constantly upgrading and updating your contingency plans and conducting regular audits of your EHR, you can prevent disruptions and avoid disastrous cyber attacks or ransomware.