Staying Productive in Healthcare: Avoiding EHR Downtime

Avoiding EHR downtime in healthcare today is one of the top priorities for care providers. Not only does EHR downtime add stress to care teams and their workflows, it also affects patient care. Without access to EHR, or electronic health records, health and medical care providers are unable to access patient medical history and treatment plans. This creates knowledge gaps in care of patients and worse, compromises it. Maintaining uninterrupted access to EHR therefore becomes a priority, especially as the healthcare industry enters the third year of a global pandemic.

Healthcare Data Vulnerability

Cyberattacks and data breaches are often the culprit in unplanned EHR downtime. In  healthcare, the cause of such events is frequently attributed to cyberattacks and employee data misuse. And frequent employee data misuses are often attributed to healthcare data needing to be widely available to workers. 

A recent study revealed that nearly 20% of files, including EHR, are available to every employee at a healthcare organization on their first day of employment. While this is necessary for productivity and patient care, it puts organizations in the health sector at risk because it supplies threat actors with a surplus of potential access points. Since limiting access isn’t possible however, another solution is needed to protect the data and avoid EHR downtime to provide continuous patient care. 

The use case below, one hospital found such a solution.

Avoiding EHR Downtime: The Use Case 

In response to their flurry of new hires to keep up with the spike in demand, a hospital that sees 183,000 patients a month enlisted an IT consulting firm to strengthen the hospital’s data security against misuse and data breaches to avoid EHR downtime.

Knowing the hospital had the added stress of an ongoing healthcare crisis and employees were facing burnout, the IT consulting firm wanted to implement a proactive but easy-to-use solution to protect PHI from breach and misuse. Between the most likely rushed new-hire cybersecurity training and the added pressures the frontline staff was facing, the IT consulting firm decided on an endpoint security solution that could monitor user data activities. 

Their goal was to decrease the chances of experiencing EHR downtime by increasing their cybersecurity. If unplanned EHR downtime was often caused by a data breach or attack and data misuses that lead to breaches or attacks, avoiding EHR downtime was a matter of strengthening data security. 

Learn how to protect healthcare data

The user activity software implemented allowed the IT firm to put behavior rules and policies into place that would alert system administrators of data use violations. To help the hospital in managing their new endpoint system, the IT firm selected a solution that provided pre-built rule templates focusing on PHI as well. The firm customized the rule templates to respond to certain misuse actions. For example, blocking outgoing emails containing PHI in an unprotected format, blocking data transfer to external drives and public cloud accounts containing PHI and blocking PHI from being copied to the computer clipboards. 

In addition to the employee specific PHI handling rules put in place, the IT firm also leveraged other capabilities of the endpoint monitoring software to strengthen the hospital’s overall cybersecurity. This included further email monitoring of incoming messages to detect phishing attempts, behavior rules limiting downloads from emails received from unauthorized email addresses and monitoring to detect irregular swings in network traffic, a common sign of malicious activity. 

While the behavior rules blocked any high-risk data activities, they also alerted system administrators of any activity that could be considered risky network and data behavior. All of the activity data was logged and fed to the system administrators and the hospital’s internal IT security department for further analysis. 

The behavior rules and alerts provided a last line of defense against distracted and preoccupied hospital employees. Unfettered data access is a problem. At small and medium size medical organizations, it was found that employees have unlimited access to a quarter of the company’s data. Wide reaching access like this creates more vulnerabilities in an industry that has historically been a top target for threat actors. 

The reports produced by the monitoring software revealed that the platform had blocked multiple email attachment download attempts and various unauthorized file shares. Upon investigation into the events, IT security  found that of the email attachment downloads blocked by the system, nearly half of them came from spear-phishing attempts targeting the staff.

Had the system not prevented the email attachment downloads, the hospital could have faced an extended period of EHR downtime, like other care facilities in their region had. By protecting their data from misuse and by strengthening their cybersecurity, the IT consulting firm helped the hospital maintain their access to EHR and provide continued and consistent care to patients. 

Conclusion

Although access limitations may not be a data loss prevention solution for care providers, other solutions exist to protect against the threat of cyberattacks resulting in EHR downtime. Endpoint monitoring systems deployed with a focus on employee activity can be used to protect against data misuses that result in vulnerabilities leading to breaches and system outages. By avoiding EHR downtime through strengthening cybersecurity, healthcare organizations can provide consistent, uninterrupted, quality patient care in time when it’s most needed.