Two IT specialists discussing patient data

Health system’s IT pros are experts on preventing cyber attacks

Doctors, nurses and staff all work together to keep patients healthy. Behind the scenes, other experts are working hard to keep patients safe from those who would steal their health care information.

Information technology experts continually monitor, test and learn all they can about the latest cyberattacks worldwide so they can prevent similar ones from happening right here in our backyard.

Spartanburg Regional Healthcare System (SRHS) has multiple layers of cyber security, including training to keep all staff on the lookout for suspicious activity.

The information technology team meticulously guards patient data against security breaches. These can include things like malware, where cyber criminals place malicious data on a server, and ransomware, where attackers place encryption code on all data on a server. Then they hold the data hostage until the organization pays a fee.

Ransomware has become a more frequent cyberattack in recent years and forced some hospitals to pay the ransom to obtain access to patient records and data.

Also, cyber criminals increasingly are focusing data hacking efforts on health care organizations because these can sell for more money on the dark web, which is cyberspace’s black market.

Cyber crooks no longer want credit cards

“Credit cards in the last five years have stopped being profitable for organized crime of hacking because they can only charge $20 to $100 on a stolen card before a credit card company realizes it’s a compromised account,” said Erik Stielow, manager of information security for Spartanburg Regional Healthcare System.

So the criminals switched to hacking data, including health care records, which are not easily cancelled. This data includes social security numbers, birth dates, next of kin, and other identification, Stielow said.

Criminals can use these data to open new credit cards and loans, he said.

Spartanburg Regional Healthcare System’s cyber security team is continuously protecting its health information. Their efforts helped Spartanburg Regional Healthcare System to be recognized as a Most Wired Hospital and Health System 2017 award for security and patient engagement.

The IT team and system at Spartanburg Regional Healthcare System works like a home security system to keep cyber attackers out and keeping information safe, said Harold J. Moore, MS, MBA, chief information officer at Spartanburg Regional.

Spartanburg Regional, like most Upstate health systems, uses Epic, a cloud-based repository that stores an individual’s electronic health record.

When someone visits the hospital or a specialist, their new doctor will see all of the diagnoses, lab test results, and medications. This part of the electronic system is behind the scenes. Patients encounter Epic when they visit their MyChart portal to look at information about their next doctor’s visit or to see lab results.

Patients have secure communication in MyChart

“MyChart is secure. We protect patients’ health information similarly to how a bank protects your banking information,” said Donna Ownby, EpicCare ambulatory team lead for Spartanburg Regional Healthcare System.

Patients can send their doctors secure messages through MyChart.

“When patients log into MyChart, they have user names and passwords,” Ownby said. “Sending messages is much more secure than personal emails.”

MyChart is secure, so people can pay their medical bills electronically. Their payment information is encrypted and safe.

“Folks get their bills in the mail or electronically through MyChart,” Ownby said. “We don’t call and ask for a credit card number.”

This is why the health system’s security team takes many precautions to deter hackers. The health system’s IT team conducts internal tests to see where cyber attackers might gain entry.

They also validate internal testing by having outside experts try to penetrate the security system and highlight weak spots, Stielow explained.

“We do that to proactively patch any holes or inconsistencies we find, and we do this quite regularly,” he said. “We also spend a lot of time researching what’s going on in other parts of the world, and we partner with security firms that have a big global outlook so that we can anticipate new threats.”