Cybersecurity in Senior Care: Mitigating Risks and Ensuring Data Privacy for Aging Communities

Cybersecurity is an ever-increasing concern today, as the growing reliance on digital technologies exposes individuals and organizations to a wide range of cyberthreats and attacks. According to the Cybersecurity & Infrastructure Security Agency, 47% of American adults have had their personal information exposed by cybercriminals, and cybercrime is the most common imposter scam. Worldwide, consumers lose $358 and 21 hours on average per year dealing with online crime.

These statistics only begin to touch on the large-scale problem of cybercrime in today’s digital era. In senior care facilities, cybersecurity should be top of mind, and facilities should not only focus on protecting sensitive healthcare information, but protecting residents as well.

Cybersecurity Risks in Senior Care Settings

Anurag Lal, president and CEO of NetSfere

Senior care facilities have become frequent targets for cyberattacks. “Hackers commonly breach facilities through phishing scams via email communications as well as stealing personal health information (PHI) by accessing accounts with that privileged information stored on it,” says Anurag Lal, president and CEO of NetSfere.

Senior care facilities also have many common cybersecurity vulnerabilities. A facility’s software and use of consumer-grade messaging apps and unsecure collaboration tools pose one such vulnerability. “These apps and platforms were not designed to protect the sensitive information healthcare facilities carry and stand up against the growing sophisticated attacks,” explains Lal. Potential vulnerabilities can include a compromised password, a corrupted file downloaded on a computer, a weak or outdated security system, and more.

“But ultimately, the biggest vulnerability is humans,” Lal notes. “The majority of the time, cyberattacks and data breaches are the result of human error.”

Potential Implications of a Cyberattack

According to Lal, during an attack, hackers would access, download, or corrupt sensitive files. Hackers then take those files and information and can use them to steal identities or access bank accounts. Hackers may also hold bank accounts ransom in exchange for a large sum of money paid by the senior care facility.

Cyberattacks can have other significant financial consequences for senior care facilities. Lal notes that fines for HIPAA violations range from $127 to $50,000 per violation, depending on the nature of the violation. “Healthcare data breaches have been steadily rising in recent years,” he explains. According to the May 2023 Healthcare Data Breach Report, May was the second worst-sever month for healthcare data breaches, with 75 breaches occurring and exposing 500 or more healthcare records. “As attacks become more sophisticated and the frequency at which breaches are happening, it is absolutely vital to ensure a facility is cyber secure,” says Lal.

Preventing Cyberattacks in Senior Care Facilities

It’s increasingly important for senior care facilities to provide staff and residents with the right tools to help them remain secure. “The number one thing is education,” he says. “A staff that can identify a potential attack and properly report it will set them apart from all other facilities and drastically decrease the chances of an attack happening. And then always keeping an up-to-date cybersecurity defense will be key,” Lal says.

When it comes to choosing communication platforms, Lal encourages facilities to look for mobile messaging solutions that provide built-in security, like NetSfere. “The most secure mobile messaging platforms feature end-to-end encryption – the gold standard in secure messaging, robust administrative, technical and physical data security controls and compliance-guaranteed technology that never collects or shares data,” he says.

Being aware of vulnerable areas can help a senior care facility spot issues early on and take steps to remedy them. Lal notes that outdated security defenses often have unusual or suspicious account activity, including unusual file activity like downloads, shares, or extremely large file sizes. Unknown software or application installations may also indicate that a hacker has gained access to a network.

Responding to Cyberattacks

It’s essential to act quickly if a cyberattack or data breach has occurred. “It is vital to get a professional audit of the facility’s software and communications platforms to identify its weak points and immediately address them to prevent any further attacks,” he says. “This will also be able to tell the facility exactly what information was compromised in the attack.”

Lal highlights the importance of communicating with people who were affected by the attack, which can help maintain their trust and the facility’s reputation. Gaining control of the accounts on the network can also help to identify where a breach might have occurred.

Looking Forward

As technology rapidly evolves, cyberattacks are continuously evolving, too. It’s essential for senior care facilities to keep pace with the evolution and advancement of cyberattacks, and facilities need to be prepared to invest in and improve their cybersecurity measures. “As the threat landscape grows, cybersecurity has to be a priority for organizations. It’s no longer a question of ‘if’ an organization will experience a breach, it’s a matter of ‘when,’” says Lal. “It comes down to being proactive instead of reactive. Always have a plan in place and always be improving that plan as times and situations change. For CIOs and CFOs, having a healthy budget allocated each year to put toward building up security is a must.”

Paige Cerulli

Paige Cerulli is a contributing writer to i Advance Senior Care.