One of the biggest worries hospices face today is the threat of a cyberattack. The healthcare industry is a prime target for cybercriminals due to the sensitivity of the data stored and the critical need to maintain business continuity in the event of an attack.
There are many threats that could result in a breach of patient information, loss of data, or significant interruption of mission-critical services.
Now that I have your attention, let’s examine some essential protections you could implement to mitigate your risk of a cyberattack.
The Threat: Cyberattack Causing Interruption of Service to Your Patients
The Risk Mitigation:
Phishing is the most common cyber threat in healthcare. It usually arrives by email: a message carries a malicious link, and someone (yes, even one person) opens it and launches the attack. These emails can look very convincing, often appearing to come from a regulatory or governmental organization. To guard against phishing attempts, implement a staff training program, including phishing exercises, to raise staff awareness about the risk of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments.
Implement Multi-Factor Authentication (MFA). Most people are now familiar with it because they encounter it when logging into commonly used applications such as banking, social media, and shopping. MFA requires a second “factor” in addition to a password when the user logs into an account. Since passwords can be challenging to remember, people use the same ones repeatedly at many different sites. MFA is one of the most straightforward and most valuable security controls an organization can implement. I’ve seen estimates that almost 90% of cyberattacks could have been prevented had MFA been in place.
Install and regularly update antivirus and anti-malware software on all hosts. Hospices often rely on vendors to host their software and secure their data. Usually, the hospice organization is unaware of the vendor’s security policies. Require vendors to provide visibility into their security practices and risk assessments and periodically audit vendor user accounts to ensure appropriate vendor access. Likewise, ensure all servers and devices you manage have updated antivirus and anti-malware software.
Unfortunately, there is a high probability that your organization or your software vendor will experience some type of cyberattack at some point. It’s important to assume the worst and plan for it by documenting a comprehensive Business Continuity Plan and conducting periodic tabletop exercises to test the effectiveness and viability of the plan. A business continuity plan assumes interruption of mission-critical services and outlines, in detail, the roles and responsibilities, processes, and communication strategies the organization will launch in such a situation. Experts say there are four steps to developing the plan.
- Prepare a business impact analysis by identifying mission-critical functions and processes and the technical and human resources required to support the continuation of these functions.
- Identify and document the steps needed to recover these critical functions and processes. This may require collaboration with software vendors.
- Organize a cross-functional Business Continuity Team to document the plan.
- Conduct training for the Business Continuity Plan, testing, and tabletop exercises to evaluate both recovery strategies and the plan.
I’ve participated in a few tabletop exercises based on scenarios where mission-critical systems are completely down for an extended period. While nobody wants to think about that, thinking about it and focusing on each area of the organization and its role in maintaining patient services is truly valuable and eye-opening.
TCN highly recommends embarking on this journey. Please contact me if you want to discuss your opportunities and challenges in this area.

Joel Garr
Chief Technology Officer with TCN
