Why CAIPHI, Why Now?
The FBI reports healthcare ranks in the top 5 industries targeted for cybercrime. Cybersecurity is a critical element of emergency preparedness for healthcare providers to mitigate the risk and potential consequences of a cyberattack on patient and workforce safety.
The healthcare orbit of 801,000 covered entities and their more than 1.5 million business associates faces unprecedented threats to networks, EHR systems, and digital devices used for healthcare operations, payment, and treatment that potentially compromise patients’ data and safety.
According to the October 25, 2022, HHS/OCR Newsletter, “Cybersecurity incidents and data breaches continue to increase across all industries. A 2022 cybersecurity firm report noted a 42% increase in cyber-attacks for the first half of 2022 compared to 2021, and a 69% increase in cyber-attacks targeting the health care sector (www.checkpoint.com). The number of data breaches occurring in the health care sector also continue to rise. Breaches of unsecured protected health information (PHI), including ePHI, reported to OCR affecting 500 or more individuals increased from 663 in 2020 to 714 in 2021. Seventy-four percent (74%) of the breaches reported to OCR in 2021 involved hacking/IT incidents. In the health care sector, hacking is now the greatest threat to the privacy and security of PHI. A timely response to a cybersecurity incident is one of the best ways to prevent, mitigate, and recover from cyberattacks.”
“On the dark web, a complete medical record easily sells for an amount (the bitcoin equivalent) of $60; social security numbers sell for $15 each; and stolen credit cards fetch a price of just $1 to $3. Medical records are used to steal a person’s identity, bill them for medical procedures or prescriptions, open a new credit history, or used for extortion and blackmail (www.mosmedicalrecordreview.com, Aug 17, 2022).”
“There were 11 reported healthcare data breaches of more than 1 million records in 2022 and a further 14 data breaches of over 500,000 records. The majority of those breaches were hacking incidents, many of which involved ransomware or attempted extortion (www.hipaajournal.com, January 24, 2023).”
CAIPHI’s SaaS platform emergency preparedness and cybersecurity applications are designed to mitigate threats to business operations and finances, regulatory compliance, and responses to unplanned hazards, whatever the source. With respect to CAIPHI’s healthcare market focus, especially providers and suppliers subject to the CMS EP Rule, threats include:
- Cyberattacks, especially Ransomware and Phishing.
- Increased infectious disease workloads: Influenza, RSV, and COVID-19.
- Increased incidence of natural and manmade disasters.
- Pandemic-related labor shortages.
- Non-digital emergency preparedness and cybersecurity compliance inefficiencies.
CAIPHI’s SaaS platform applications permit hospitals and congregate care facilities to be ready to respond to the challenges these threats entail, as the examples below illustrate.
Emergency Preparedness Challenges
- CMS Emergency Preparedness Rule covers “all hazard” risks that potentially adversely impact healthcare resources and operational readiness.
- Hospitals and long-term care (LTC) facilities were ill-prepared to contain the COVID-19 outbreak (2020).
- Increasing incidence of infectious disease outbreak risks (e.g., COVID-19 pandemic, Influenza, and RSV) (Dec. 2022).
- Increasing incidence of weather (e.g., Hurricane Ian, Gulf Coast FL in Sept. 2022) and wildfire risks (e.g., Paradise, CA Fire in Sept. 2022).
- Increasing incidence of mass shooting events (e.g., Robb Elementary School, Uvalde, TX in May 2022).
- Increasing incidence of ransomware attacks that delay surgeries, patient care, and appointments (e.g., CommonSpirit Health in Oct. 2022).
- Increasing incidence of phishing, in which opening emails embedded with malware gives attackers unauthorized database access, compromising the confidentiality and potentially the integrity and availability of protected health information (PHI) and increasing the risk to patient safety in healthcare environments.
- In 2021, 45 million individuals were affected by healthcare cyberattacks, up from 34 million in 2020.
- Ransom demands for healthcare breaches currently average $4.6M, and healthcare cyberattacks increased 69% in the first half of 2022 year over year.
- Ransomware assaults on hospitals and other healthcare providers are causing revenue and expense pressures on U.S. health systems.
- IBM Security reported in its July 2022 publication, Cost of a Data Breach Report 2022, that the healthcare industry leads all other industries in having the highest average cost associated with a breach and its containment, $10.1 million, and that the time from discovery through containment averaged 277 days in 2022.
- Patients continue to be denied access to their medical records in violation of the HIPAA Privacy Right-of-Access Standard.
Three Critical Problem Areas To Address for Compliance and Response
Failure to Conduct a Risk Analysis and Implement and Document a Security Management Plan, with Resultant Privacy Breach and Security Incident Threats and Vulnerabilities.
Internal: Workforce Member Vulnerabilities Due to Inappropriate or Lack of Safeguard Training.
External: Phishing/Ransomware Intrusion Threats to Vulnerable Networks and Systems.
Access by Unauthorized or Unauthenticated Persons or Systems that Compromises Confidentiality, Availability, Integrity, or any Combination thereof.
The CAIPHI Solutions
CyPHIprepare platform application:
- Provides data management, search, archive, and reporting tools, including document upload/retention capabilities for tracking state/local requirements and action reports.
- Accommodates use by 17 categories of CMS-designated Medicare and Medicaid provider and supplier types based on CMS and ASPR TRACIE guidance.
- Includes sample emergency readiness policies and procedures for each standard and implementation specification to facilitate timely response to emergencies.
- Enables the enterprise to efficiently demonstrate each facility’s annual compliance with CMS’s annual survey and certification requirements as a condition of participation in Medicare/Medicaid programs.
CyPHIcomply® platform application:
- Provides data management, search, archive, and reporting tools, including document upload/retention capabilities for tracking HIPAA Privacy, Security, and Breach Notification requirements and action reports.
- Accommodates use by over 800,000 healthcare provider covered entities and their estimated 1.5 million business associates for ensuring the confidentiality, availability, and integrity of protected health information (PHI) based on current HIPAA Safeguard Final Rules that required compliance beginning in 2013.
- Includes sample safeguard policies and procedures for each standard and implementation specification to facilitate compliance with administrative, physical, technical, access, and use safeguards and timely response to cyber breaches and incidents.
- Enables the enterprise to efficiently demonstrate compliance in periodic OCR compliance reviews of a facility in response to a scheduled audit, complaint, or breach, with demonstrated compliance expected to be required in the forthcoming “documentation for the previous 12 months,” according to the 2022 OCR Notice of Proposed Rulemaking (NPRM).
AUDIT OF IoT DEVICES
An Adaptation of Existing Software that Identifies All Networked Devices, Tracks Their Activity to Ensure Appropriate Use in Medical Diagnosis and Treatment, and Alerts Management when an Inappropriate Use or Malfunction Occurs or in Anticipation of a Malfunction.
SECURE DATA EXCHANGE
An Adaptation of Sensitive Healthcare Data Exchange Mobile Software that Initially will be for Provider-to-Provider Exchange and Ensures Authorization and Authentication of the Data Recipient.
CAIPHI Solutions Provide Value Added Benefits
CyPHIprepare and CyPHIcomply® platform applications provide the regulatory and best practices framework for design, development, and deployment of future software to:
- Mitigate internal and external risks to patient safety.
- Create a trusted environment for healthcare stakeholders.
- Minimize likelihood of financial and reputational liabilities.
- Enable cybersecurity insurance coverage and commercial general liability (CGL) insurance premium discounts.
- Create AI opportunities by linking data to real-time quantifiable intelligence.
Over 800,000 covered entities and their estimated 1.5 million business associates face unprecedented threats to their critical healthcare information infrastructure used for healthcare operations, payment, and treatment that potentially compromise patients’ data and the safety of patients and healthcare workforce members. CAIPHI’s SaaS platform applications are designed to provide peace of mind and business sustainability.