In order to comply with HIPAA, medical facilities must have a contingency plan for their electronic health record systems. That is, they must have a disaster recovery strategy among other blueprints for ensuring protected health information isn't compromised.
On Friday, October 21, people across the U.S. noticed some of their favorite online services weren’t working. Netflix, Reddit, Amazon and Twitter are just a few of the websites that were out of reach for users, and this happening on the same day was no coincidence.
According to Krebs on Security, a massive internet outage swept the nation, primarily affecting servers in the northeast portion of the U.S. This resulted from a cyberattack directed at Dyn, an internet performance management company, which is why so many websites and services were affected. The most unnerving part is that hackers used internet-connected devices like digital cameras and video recorders to get the job done.
While the impact of this cybersecurity issue only meant folks were out of luck when they wanted to binge-watch their favorite TV shows or send tweets, it brings up some larger, more dangerous points.
What happens when hospitals become the victims of cyberattacks? How do they continue operating if digital health systems are inaccessible due to a power outage?
In order to comply with the Health Insurance Portability and Accountability Act (HIPAA), medical facilities must have a contingency plan for their electronic health record systems in these types of situations. That is, they must have a disaster recovery strategy among other blueprints for ensuring protected health information isn’t compromised. However, according to a recent survey from the U.S. Department of Health and Human Services, only two-thirds of hospitals reported having contingency plans that aligned with HIPAA Security Rule requirements.
If there’s room for improvement with contingency plans, healthcare organizations may also need to put thought into their network, payment and claims integrity solutions. Partnering with a trusted information technology company to handle data can help hospitals regain confidence in cybersecurity.