McKnight’s Editorial Director John O’Connor

When it comes to cybersecurity, many senior living operators believe they have things covered. 

After all, those operators have set up firewalls, installed antivirus software and maybe even trained staff on what a phishing email looks like. 

But if you think those steps are enough, you might want to reconsider — especially after what was shared in a recent webinar hosted by HealthCap Risk Management Services. Full coverage can be seen here.

As my colleague Kim Bonvissuto reported, the sobering reality is that cyberattacks can be more than just a nuisance; they can be a nightmare that threatens your organization’s very survival.

During the webinar, cybersecurity experts, including John P. DiMaggio, co-founder and CEO of Blue Orange Compliance, reminded us that cyberattacks don’t happen in an instant. They can begin weeks before operators realize something’s wrong. 

How do these criminals get in? Largely, thanks to weak passwords, outdated software and those all-too-familiar phishing emails that continue to slip through the cracks. Once inside, those attackers don’t just hunt down sensitive data. They dig deep into your system files, often including your cyber insurance details, to calculate just how much ransom they can demand. The next thing you know, your data are encrypted, your operations are halted, and you’re faced with a chilling ultimatum: pay up or lose everything.

You might think that only large healthcare systems are the targets, but that’s far from the truth. As John P. Hessburg, JD, principal at Kitch Attorneys & Counselors, pointed out, even small organizations can be vulnerable. And the creativity of these bad actors is staggering. They are constantly finding new ways to bypass security measures, and when they succeed, the repercussions can be severe. 

Government fines, civil lawsuits and a tarnished reputation are just the beginning. In the wake of a breach, what you do next is critical. Prompt actions to safeguard remaining data, inform affected stakeholders and bolster your defenses can go a long way in mitigating the fallout.

So, what can you do to protect your organization? DiMaggio emphasized that cybersecurity is not just about technology; it’s also about people and processes. Although reasonable security practices — such as risk analysis, access control and training — are essential, they’re just table stakes. 

To truly insulate your organization from cyber threats, you’ll need to be more proactive. Recognized security practices should be your benchmark. These include advanced email and endpoint protection, stringent access management, robust data loss prevention strategies, and comprehensive incident response plans.

Don’t forget about third-party vendor management, asset and network management, and even medical device security, they cautioned. Each of those components plays a crucial role in keeping your senior living organization secure.

So, as you lay your head on your pillow tonight, ask yourself: Have I done enough to protect my organization? If the answer is anything less than a resounding “yes,” it might be time to rethink your cybersecurity strategy — before it’s too late.

John O’Connor is editorial director for McKnight’s Senior Living and its sister media brands, McKnight’s Long-Term Care News, which focuses on skilled nursing, and McKnight’s Home Care.