Privacy, Security, and Compliance in 2022

Coming out of the worst years for healthcare and security breaches, healthcare will continue to be a target for cyber theft and attacks in 2022. Experts are warning not to let your guard down and to be prepared with the tools and solutions available to help stay cyber safe. Continuing education of staff will also be a must. We have rounded up our experts to discuss what we might see in 2022.

Anthony Murray, CISSP, CIO, MRO Corporation
Twitter: @MROCorp

Heading into 2022, one reality rises to the top for healthcare privacy, security, HIM and compliance professionals—the world is digital. The genome generation is more informed and engaged in managing their own health and health information. Privacy concerns take a back seat to instantaneous information access and omnichannel healthcare experiences. That is until a privacy incident impacts a patient’s private, professional or social life.

The year ahead includes continued efforts by healthcare provider organizations to educate their patients on the risks and rewards of ubiquitous PHI and clinical data sharing. There are certainly upsides to greater sharing of clinical data: more cost-effective patient care, improved outcomes, and fewer administrative hurdles. However, good clinical data sharing is consented clinical data sharing.

Disrupters will enter healthcare with an “all for one” message when it comes to clinical data sharing. Savvy healthcare provider organizations should conduct due diligence to ensure all patient data that they share is protected, consented and safe.

Gerry Blass, President & CEO, ComplyAssistant
Twitter: @ComplyAssistant

At ComplyAssistant, we see many healthcare organizations adopting the Health Industry Cybersecurity Practices Rule (HICP) in 2022, to protect their organizations from cyberattacks, and to start the clock ticking towards their initial 12-month cycle for demonstrating compliance and due diligence.

Dan L. Dodson, CEO, Fortified Health Security
Twitter: @FortifiedHITSec

I expect that in 2022 healthcare will continue to face a barrage of attacks, which will lead to a double-digit growth in cybersecurity spending. We’ve already seen a significant increase in government expenditures in cyber over the past few months and we expect healthcare delivery organizations to also realize the importance of cybersecurity and follow suit. This includes both the investment into the recruitment of cyber talent as the federal government is doing now, as well as an increase into the funding of technology and services designed to prevent cyberattacks. The desire to invest in cybersecurity protection will likely spill over into state and local governments as those entities look to raise awareness and enhance their security posture as well.

While the headlines are dominated by the “ever-evolving cybercriminal” continuing their relentless assault on our healthcare systems, one prediction that is not being covered as broadly is the net effect this will have on hospitals in the year ahead. Specifically, I predict more public awareness on the need for hospitals to divert care because of these cyber incidents. Care disruption not only has a devastating effect on the reputation of hospitals and health systems, but more importantly, it has a significant and measurable negative impact on overall patient care. 2022 will likely bring increased visibility into how these cyberattacks are affecting hospitals and their patients in real time. This includes how hospital downtime will affect our nation’s health at a time when more and more patients are getting back to addressing their post-pandemic care.

Chris Berry, CTO and GM of Security Solutions, PDI Software
Twitter: @pdisoftware

In 2022, we’ll continue to see the proliferation of ransomware hitting all sizes of businesses. But we’ll also see an escalation of the ransomware attack model with extortionware. With more businesses maintaining secure backups to avoid paying a ransom to unlock encrypted data, cybercriminals are now threatening to publicly expose sensitive data.

Doing so can cause significant business risk, especially when the blast radius extends to customer, partner, or vendor data. That’s why it’s so important to make sure you’re preventing threats by securing your perimeter. But you also need the capabilities to detect potential threats and respond in real time if you suspect you’ve been breached.

Unfortunately, a large number of businesses still aren’t adequately protected against today’s sophisticated threat landscape. If you don’t have the internal cybersecurity staff or expertise to maintain 24/7/365 coverage, you might want to seek out a managed security services provider to supplement your own team’s efforts.

Baha Zeidan, Cofounder, CEO, Azalea Health
Twitter: @AzaleaHealth

2021 is on track to be the worst year ever for ransomware attacks on healthcare. 2022 will likely be worse. Healthcare is an ideal target: with lives on the line, providers are more likely to pay ransoms to restore IT services, and private health data is lucrative to sell on the dark web. Ransomware-as-a-service has also made it easier than ever to launch an attack. The potential cost of an attack (the median ransom is $75,000) makes cybersecurity one of the most important investments hospitals should be considering today. That said, rural providers’ lean IT teams as well as limited budgets will constrain their investments, making it critical to invest in health IT platforms that make these critical investments for them with built-in security solutions.

Annie Lambert, PharmD, BCSCP, Clinical Program Manager for Compliance Solutions for Clinical Surveillance & Compliance, Wolters Kluwer, Health
Twitter: @Wolters_Kluwer

The pressures of COVID-19 spurred USP to issue interim guidance that provided flexibility for compounding pharmacies, but 2022 is likely to represent a return to stricter compliance. In September, USP issued a Notice of Intent to Revise (NITR) for both USP <797> and USP <795>. With COVID-19 cases continuing to surge across the country, I anticipate hospitals and pharmacy staff in 2022 will increasingly rely on expert solutions and technology to automate and standardize compounding operations in accordance with best practices and the latest compliance requirements. Burnout and technician shortages are happening in pharmacies too and software tools will help alleviate burdens pharmacy staff face right now.

Leon Lerman, Co-founder and CEO, Cynerio
Twitter: @cynerio

While cyber attacks on critical infrastructure – such as the Colonial Pipeline and a Florida water plant – created a lot of buzz this year, last year we saw a 123% increase in the number of ransomware attacks on the healthcare industry – a trend that has unfortunately continued to plague the healthcare industry throughout 2021. Worse yet, attacks on hospitals have turned deadly. A recent Ponemon Institute report found that ransomware attacks on healthcare providers can lead to increased mortality, and the first ransomware-related fatality in the U.S. was recently reported at Alabama-based Springhill Medical Center.

As we head into 2022, it is likely we will see an increase in both the sheer number of attacks on hospitals as well as severity. It will be critical for hospitals to have proactive response strategies in place to prevent attacks and ensure continuity of care in the event of an attack. Additionally, more government intervention is needed – as has been the case for cyber attacks like that on Colonial Pipeline – to ensure hospitals are prepared with the tools they need to address the evolving threat landscape in healthcare. It could be the difference between life or death.