Skip to Main Content

Healthcare Cyberthreats Hit Home

We’ve all heard the phrase “you don’t know what you’ve got until it’s gone.” The wisdom of that saying was underlined earlier this summer when a powerful windstorm resulted in a week-long power outage for much of my hometown. And last week, as my local healthcare provider dealt with the effects of a cyberattack, patients and clinicians learned that lesson anew.

Modern healthcare is increasingly reliant on computing technology, with electronic medical record (EMR) software handling everything from patient scheduling, billing, lab reports, diagnostics and more. Normally, in the days before my annual physical exam, I receive email and text reminders about my upcoming appointment as well as links to fill out a short health questionnaire before my visit. Entering this data into the EMR beforehand means less time filling out paperwork in the waiting room, better information for the clinician, and a much more efficient visit for everyone involved. I typically leave my annual appointment with a detailed document outlining my health data as well as follow-up tasks and/or physician suggestions to improve my health.

This year, due to the cybersecurity breach at my healthcare provider, all of these automated processes reverted to manual ones. I received no reminder email or text message about the appointment. Knowing that this year’s doctor visit would be a decidedly analog experience, I braced myself for long waiting times and writing cramps from manually filling out forms with pen and paper.

Instead, I was greeted by a highly coordinated team of office staff with a pre-printed packet of reports prepared for my visit. I verbally answered a few questions at the front desk, they recorded my responses on a clipboard with my folder, and after a short five-minute wait, I was escorted back to the examination room to start my visit. From the patient perspective, the process could not have been smoother.

In the packet of information he used during our visit, my doctor had historical data from past appointments and other information needed to ensure a productive annual checkup. While he was clearly frustrated by unavailability of his regular EMR system, nothing in the old-school, paper-based analog process kept him from doing his job.

What explains the ability of this healthcare provider to keep working even in the midst of a widespread application outage? Downtime reporting systems and well-rehearsed downtime processes that, yes, rely on printed documents. There are a variety of well-documented healthcare information best practices, and LRS healthcare customers have shared their own experiences with EMR printing and downtime reporting systems. While every organization hopes to avoid falling victim to a cyberattack, the “six P rule” applies to us all: Prior Proper Planning Prevents Poor Performance.

How — and whether — your organization continues to operate while in the midst of a security crisis depends on the actions you take today. If it has been a while since you last evaluated and rehearsed your downtime procedures, make plans to do so today. You know not the day nor the hour.