We live in a world where we are extremely vulnerable to hackers and security breaches. That is the risk of the electronic age. With huge companies such as Target and Home Depot falling victim to data breaches, where millions of customers’ credit card information was leaked, and Sony Picture’s recent hacking, it is apparent that security risks transcend all industries. As a result, senior living facilities, whose computers house residents’ private electronic medical records, Social Security, and payment information, are definitely vulnerable to data breach.
Recent Examples
A few recent hacking examples demonstrate this vulnerability to breach. Last year, senior living provider Assisted Living Concepts, LLC experienced a breach via its payroll vendor that hacked private information from over 43,000 current and former employees. In an effort to prevent further security breaches to its systems, the company disabled the compromised users and shut the payroll system down until the problems could be resolved. Last January, 2,595 individuals’ personal data was stolen from the Michigan Department of Community Health after a laptop and flash drive were taken from a State Long-Term Care Ombudsman’s office. And earlier this month, one of the country’s largest healthcare companies, Anthem, Inc. (formerly WellPoint, Inc.), experienced one of the largest security breaches reported in the health care industry. As a result of the breach, the personal information of 80 million Americans was violated. As senior living companies are holders of sensitive and private data from both residents and employees, it is imperative that these companies enact measures to protect against potential hackings. However, industry-wide best practices for cyber security are not yet established.
Ways to Protect your Facility against a Security Breach
Though industry-wide standards to protect data may not be in place, there are precautions available to make sure your company is protected against a cyber-attack.
- Data map creation. It is important to ascertain what data is stored by your facility where it can be found. Do this prior to assessing the protection of the data. Identify what data you actually have stored and how it is coming in, and where the data is going.
- Identify the most important data and create a plan for its protection. Create a “what if” situation. What if hackers obtained access to the data and exposed it? How would your company go about protecting the data?
- Identify risks and vulnerabilities. Vulnerabilities often are found in lack of malware and antivirus devices, lack of training or awareness of potential data breaches, failure to monitor information, etc. Most senior living facilities do not prioritize cyber security, and this needs to change.
- Create an incident response strategy. This plan should include how to repair data breaches, and who is in charge of these repairs. This should also include a plan for handling the public relations and legal implications of a cyber-attack, as well as how to notify customers and the Department of Health and Human Services, if necessary.
At Cambridge Realty Capital, we understand that operating an assisted living community is not an easy task, and there are many priorities competing for the top spot on the list. Let Cambridge ease your stress by allowing us to provide financial expertise. Contact us today to see how we can help your community.