Remote access technologies expose home care companies to cybersecurity vulnerabilities, experts say

Some of the most commonly used technologies in home care are also among the easiest for criminals to exploit. To ensure data doesn’t fall into the wrong hands, providers must stay up to date on the latest cybersecurity practices, according to a new report from product evaluation and security agency ECRI.

Remote access systems include any technology that allows users to connect and access a computer, server, or network remotely. Within home health care, these systems can include tools such as remote patient monitoring devices, secure messaging apps, telehealth platforms, cloud-based applications or systems that allow users to remotely access patient data, according to the Department of Health and Human Services. And while these technologies provide efficiencies, they can also expose healthcare providers and their patients to risk.

“Healthcare has been transformed by the introduction of remote access technologies – especially in home care, where it is crucial to have accurate real-time data and input to improve member care, access specialist expertise and timely interventions,” Stephen Vaccaro, president of home care management company HHAeXchange, said in an email to McKnight’s. “However, greater connectivity may pose cybersecurity challenges that necessitate proactive protection measures.”

In recent months, ransomware groups have increasingly targeted healthcare organizations’ remote access systems, the ECRI report said. These systems are often a “point of initial compromise,” and from there bad actors can exert significant control over an organization’s key processes.

The most high-profile cybersecurity breach in recent times is February’s cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group that connects healthcare providers with insurance organizations.

Best practices

Given the extensive use of remote access systems by home healthcare providers, it is essential to follow best cybersecurity practices to keep important data safe, explains Chris Thomas, Chief Revenue Officer of healthcare cybersecurity company AlgoSec.

“Healthcare providers consistently work in remote environments; connect to networks via their mobile devices from different locations and access sensitive data through cloud-based applications; leaving systems vulnerable if there are gaps in security policies,” Thomas said McKnight’s. “Adopting a zero-trust approach – along with multi-factor authentication – is essential for protecting networks and data.”

A zero-trust approach involves cybersecurity procedures that prevent any unauthorized access to data. According to Vaccaro, healthcare providers play a crucial role in maintaining this safety.

“Home care organizations must exercise control and visibility when granting credentials and permissions,” Vaccaro said. “Users should only access patient information that is relevant to their work. To ensure that access rights are granted in accordance with current policies and removed when no longer needed, agencies may consider automating access control and compliance processes.”

This article originally appeared on McKnights Home Care