Dawn Pisturino's Blog

My Writing Journey

Health Information Technology Security

Abstract       

Due to threats of cybercrime and malware infestations, healthcare organizations all across the world are now forced to upgrade and monitor their cybersecurity systems on a constant basis for the sake of protected patient health information, financial stability, and uninterrupted operations.  Money that would normally be spent on patient care is being diverted to IT professionals, who are hired to keep cybersecurity systems intact.

Health Information Technology Security       

Protecting patient health information, as mandated by law, has become a priority for healthcare facilities all around the world.  From doctors’ offices to medical devices to ransomware, the healthcare industry is under attack by cyber threats that compromise the health, safety, and privacy of patients everywhere.       

Nurses are at the forefront in efforts to secure patient and employee information, promote responsible use of computer technology, and report possible threats and violations in a timely manner.

Cybersecurity is Crucial       

Almost every day, a news story comes out that a corporation, nonprofit organization, or government agency has been hacked.  The healthcare industry is no different, and the attacks are becoming more frequent and more serious.  This is such an important issue at the hospital where I work, it seemed pertinent to write a paper on it.  Our IT department frequently makes us aware of e-mail threats, blocks blog sites, mandates automatic logoffs and timed reboots, requires frequent password changes, and regularly reminds us to turn off our computers, log off when finished, and to not share passwords.  Cybersecurity is crucial to protecting patient health information and network systems.

All Healthcare Organizations are at Risk       

Smaller healthcare clinics and doctors’ offices must follow the same mandates as larger organizations when it comes to protecting patient health information.  Healthcare personnel divulging protected information to unauthorized people and hackers using stolen information in identity theft scams are huge concerns that must be addressed (Taitsman, Grimm, & Agrawal, 2013).  Not only must these smaller organizations take appropriate measures to secure patient health information, but personnel must strictly follow policies and protocols.  Simple safeguards, such as screening phone calls, logging off computers, shredding documents, background checks for employees, automatic logouts, and activity audits, protect and safeguard patients and organizations alike (Taitsman, Grimm, & Agrawal, 2013).  Insurance companies, too, must safeguard patients against fraudulent claims.  Consumers must be educated in ways to protect their own healthcare information (Taitsman, Grimm, & Agrawal, 2013).       

Nurses all across the healthcare spectrum are increasingly required to use computer technology, and they must honor patient privacy, confidentiality, and consent while doing so.  Use of the Internet opens the doorway to viruses, worms, adware, spyware, and other forms of malware (Damrongsak & Brown, 2008).  Something as simple as using a shared address book can infect an entire system.  Logging off the computer when the nurse has finished and frequently backing up data can prevent unauthorized intrusions and corrupted data (Damrongsak & Brown, 2008).  Most medical facilities use an intranet, or closed system, in addition to the Internet, that restricts data to a smaller group of people.  Firewalls, encryption, and the use of virtual private networks provide additional security (Damrongsak & Brown, 2008).       

Large government agencies, such as the Veterans Administration, have increased efforts to stave off cyber-attacks, which compromise patient health information and medical devices.  IT specialists have removed medical devices from the VA hospital’s main network systems and connected them to virtual-local area networks (VLANs) (Rhea, 2010).  Without access to the Internet, these devices can be used without fear of attack.  In the past, the main focus has been on identity theft.  But with the rise of international terrorism, there is a growing fear that medical devices may be hacked and used to intentionally harm patients (Rhea, 2010).  Healthcare IT systems have already been crippled by hackers looking to profit from cybercrime.  In 2009, healthcare facilities around the world found medical devices infected with the Conficker virus (Rhea, 2010).  Downtime caused by malware is expensive and inconvenient.  Hospitals are forced to spend money on security that normally would have gone to patient care (Rhea, 2010).  FDA regulations are also a hindrance to quick development of security patches (Rhea, 2010).       

According to author W.S. Chee (2007), a member of the Department of Diagnostic Imaging at K.K. Women’s and Children’s Hospital in Singapore, medical devices connected to a hospital’s network system can lead to critical threats and infestations of malware in these devices.  Hospitals need to act proactively to prevent intrusions and respond immediately if a system becomes infected (Chee, 2007).  Equipment vendors play a huge role because they supply the security measures which protect medical devices (Chee, 2007).  But they can be slow in providing updates and patches.  The FDA, furthermore, determines when and how changes can be made to biomedical equipment systems.  This places the burden on hospitals to protect themselves (Chee, 2007).       

Thomas Klein (2014), managing editor of Electronic Medical Device Technology, asserts that intentional sabotage of medical devices is only a matter of time.  According to researchers, vulnerabilities have been found in infusion pumps, x-ray machines, cardiac defibrillators, and other devices (Klein, 2014).  Since these devices are frequently connected to the Internet, they are vulnerable to malware.  If the network systems are not fully protected, the devices are subject to malicious attack.  The use of USB ports opens a doorway to security breaches and malware (Klein, 2014).  The risk is so great the FDA became involved and now requires that manufacturers consider cybersecurity risks when developing new products (Klein, 2014).       

The expansion of healthcare information technology improves profitability while exposing healthcare facilities to greater risks (Elliot, 2005).  Facilities must create and enforce policies that secure patient health information across all forms of networks and technology.  One solution for managing remote devices is the use of on-demand security services that cease to work once the remote device is no longer in use (Elliot, 2005).  The problem, then, is security on the other end, where patient health information can be leaked or accessed by the user.  This is called post-delivery security (Elliot, 2005).  Solutions include user malware protection, restrictions on use of data, and audits on computer use.  Developing and enforcing security policies that protect patient health information, especially information transmitted to remote devices, is tantamount to avoiding security breaches and corrupted data (Elliot, 2005).       

The latest, and most serious, threat comes in the form of professional IT criminals who use ransomware to extort money from hospitals (Conn, 2016).  One such threat, Locky, acts through ordinary-looking e-mail (Conn, 2016).  When opened, a virus activates software that encrypts the hospital’s IT system.  Then, a window pops up with a ransom demand.  Samas, another threat, uploads encryption ransomware through a hospital’s Web server (Conn, 2016).  A more sophisticated ransomware, CryptoLocker, demands bitcoin as payment because it is nearly impossible to trace (Conn, 2016).  Once paid, the criminals unlock the data in an infected system.  But, should hospitals pay in the first place?  Cybersecurity has become a booming business, with medical facilities now being forced to employ their services.  There is a major concern that medical devices will be the next systems to be hit by cybercriminals (Conn, 2016).

Topic Availability

This topic, as it relates to Nursing Informatics, is too important to ignore.  I used seven resources from scholarly and peer-reviewed publications for this paper.  I pulled my resources primarily from CINAHL and ProQuest.  I found enough materials to give me a broad overview of the topic, but I was disappointed that more current articles could not be found.  Technology changes so rapidly that even a few months can make a difference in security innovations.  I used both the basic and advanced search features and the key words “medical device malware security.”

Information Availability 

This information is available in scholarly and peer-reviewed journals and other publications.  Although the information was geared toward professionals, some publications include short articles that educate the general public about cybersecurity and protecting patient health information.  Nurses benefit from all of these resources because many do not understand the extent of the threat.

Personal Views 

The information I read shocked me (cyberterrorism), confirmed what I see our IT specialists changing at my hospital, and disturbed me (ransomware cybercrime.)  The general public does not seem to be aware of these threats.  As a nurse who uses computer technology every day, I was not aware of the seriousness of this problem.  It never occurred to me that a glucometer or infusion pump could be infected with a virus or that an unscrupulous person would deliberately sabotage somebody’s pacemaker.  When I mention this to other nurses, they are equally dismayed by the possibilities.  They always ask, “Why would somebody maliciously hack into a medical device?”  For people who devote their lives to saving people, the idea is unthinkable.       

The changing landscape in healthcare makes it crucial that ALL medical personnel understand the seriousness of the threats.  As technology becomes more sophisticated, so do the means by which cybercriminals hack into and infect network systems.  Information is compromised, and patient health and well-being are put at risk.

Conclusion

In conclusion, whether it’s a small private practice or a large healthcare system, the increased use of technology poses significant threats to protected patient health information, medical devices, and cybersecurity systems.  Users all across the healthcare spectrum have a duty to behave responsibly when accessing patient records, divulging information, searching the Internet, managing e-mail and faxes, and interacting with colleagues.  Nurses should provide feedback and input about vulnerabilities in security policies and protocols for the protection of themselves and their patients.  They must educate themselves about current threats so they can adapt their practice to avoid unintentional security breaches.  Nurses can also educate their patients in the use of computer technology, accessing patient portals, and protecting patient health information.        

Technology will continue to be a driving force in healthcare.  Along with the downside comes the possibility of lower costs to facilities and patients, improved outcomes, more accurate measurements, increased research, and greater opportunities for nurses to expand their involvement and role in improving healthcare and healthcare informatics.  Requiring nursing students to study nursing informatics increases their awareness of the problems and benefits of  technology.  Hopefully, our physicians and administrators are being trained in this area, as well.  Health information technology specialists are enjoying a surge in employment opportunities as healthcare systems realize the importance of their specialty.  Technology is expensive, but the threats of cybercrime and cyber-attacks are more damaging.  

References

Chee, W.S. A. (2007). IT security in biomedical imaging informatics: The hidden vulnerability. Journal of Mechanics in Medicine and Biology, 7(1), 101-106.

Conn, J. (2016, April). Ransomware scare: Will hospitals pay for protection. Modern Healthcare, 46(15), 8-8.

Damrongsak, M., & Brown, K.C. (2008). Data security in occupational health. AAOHN

 Journal, 56(10), 417-421. Retrieved from 

http://search.proquest.com.resources.njstatelib.org/docview/219399232?accountid=63787.

Elliot, M. (2005, September). Securing the healthcare border. Health Management Technology,

 26(9), 32-35.

Klein, T. (2014, September). How to protect medical devices against malware. Operating Theatre Journal, 14-14.

Rhea, S. (2010, December). Cyberbattle: Providers work to protect devices, patients. Modern

 Healthcare, 40(50), 33-34.

Taitsman, J. K., Grimm, C. M., Agrawal, S. (2013, March). Protecting Patient privacy and data security. The New England Journal of Medicine, 368, 977-979. doi: 10.1056/NEJMp1215258. Retrieved from http://www.NEJM.org.

~

PowerPoint presentation shared at Flagstaff Medical Center in 2016. See it here on Dropbox:

https://www.dropbox.com/s/4o62z11sbzmg5tz/NUR-340%20Power%20Point%20Presentation%20Pisturino%20%281%29.pptx?dl=0

~

Dawn Pisturino
Thomas Edison State University

August 31, 2016; June 10, 2022
Copyright 2016-2022 Dawn Pisturino. All Rights Reserved.

(The references would not format properly.)

8 Comments »

Judging People Superficially

Photo by Photo Boards on Unsplash

As a registered nurse, I took an oath to treat all of my patients equally, regardless of race, color, nationality, religion, sex, or anything else. So, it appalls me when I read stories about doctors, nurses, and even whole hospitals refusing to treat unvaccinated patients. THAT’S POLITICS – NOT HEALTHCARE. If you work in healthcare, you take all the necessary precautions, and you get in there and treat the patient, regardless of your personal feelings. Otherwise, you deserve to lose your license to practice.

In 2008, America had become color-blind enough to elect the first black President, Barack Obama. My husband and I both voted for him and were proud to do so at that time. And yet, here we are, thirteen years later, backsliding as a society into judging people by their superficial appearance and using race, prejudice, and bias to judge and condemn other people. It’s become a real epidemic, and frankly, I’m sick of it, because – once again – this is POLITICS, PROFILING, and BULLYING – something people claim to abhor.

When I was a registered nurse fresh out of school, the housekeeper on our hospital unit refused to clean the room of an AIDS patient. She was afraid, and the hospital sent her home. I volunteered to clean the room since I had established a positive rapport with the patient. I donned the appropriate gear and cleaned the room. While I was in there, she and I conversed, and she revealed how isolated and alienated she felt from other people. I took care of her many times after that incident. And I’m glad I did, because she died a few years later. She was only in her late thirties when she passed away. She was annoying in so many ways! She was demanding and obnoxious! And she had very poor hygiene. She came into the hospital with lice more than once. But she was suffering both physically and emotionally. She was human. I learned a valuable lesson about courage and acceptance. And I never got HIV/AIDS or lice from my interactions with her.

One morning, when I was starting my shift on an inpatient psychiatric unit, two Native American clients came up to me and started complaining about the nightshift nurse. They claimed she was rude to them and, therefore, must be a white supremacist racist who hated natives. Now, I knew this RN very well. I empathized with them because, yes, she could be very rude and abrasive to anybody. But racist? I smiled and informed them that she was a card-carrying member of the Cherokee tribe in Oklahoma. In fact, she is a direct descendant of Sequoyah, the Cherokee who created the first Cherokee language syllabary. The response I got was, “Well, THAT tribe will let anybody in!” However, they both looked very foolish and never mentioned it again. I informed the RN that patients had complained about her being rude, and that was the end of it.

Another morning, it was very early, and the only client awake and in the dayroom was a black man from Africa. He was ranting and raving about how racist the staff were and how victimized he felt. I got sick of hearing about it because I knew it wasn’t true. We had a very diverse team of workers who were black (some from Africa), Hispanic, Native American, white, gay, etc. I had never witnessed any incidences of racism or overheard any racist remarks made by staff on the unit. We all took pride in working as a team to treat our patients fairly, equally, empathetically, and compassionately. I slammed my fist down on the table, which shocked both my co-worker and the client, and said, “Bullshit!” He stopped ranting and raving, and then we talked about what was really bothering him. He was Muslim and needed a place to say his prayers. So I got him blankets and towels and whatever else he needed, and he went into a private place and said his prayers. He never talked about racism again, he participated in the program, and he was discharged a few days later. It may sound rough, but getting past the racism barrier helped this gentleman get the help he needed. I have never lied to my patients and never will. And sometimes the truth, no matter how raw, is what turns people around and sets them free from the demons they are fighting

The counselors on our inpatient psychiatric unit did not like talking to psychotic patients because they saw no value in it. However, I disagreed and always made a point of talking to them, if for no other reason than to establish some kind of rapport. One client was so manic, she was completely psychotic. She would crawl around on the floor, imitating different animals, eat with her hands, and refuse to talk to anybody. This had been going on for a while, without any improvement. One day, when I came on shift, she was in the quiet room talking to herself, dancing, jumping up and down, and basically “bouncing off the walls.” I sat in there for twenty minutes listening to her, asking her questions, and listening for that “thread of truth” that often came through when psychotics babbled on. It became clear to me as I listened to her that she just wanted to be normal and to be treated like everybody else. When I began talking to her about this, she nodded her head and suddenly stopped what she was doing. She calmed down. After that, she stopped all of her bizarre behaviors, took her medications, and quickly got well enough to go home. Why? Because somebody took the time to listen to her and look past her bizarre behavior.

As a registered nurse, especially as a psychiatric nurse, I have seen people at their worst and their ugliest. I have been called names, threatened, and ignored. I have never let that stop me from helping someone, if I could help them. And it has been the difficult ones, the ones who make you want to tear your hair out, who have been the most rewarding, — because they are the people who truly need the help.

Dawn Pisturino, RN

November 6, 2021

Copyright 2021 Dawn Pisturino. All Rights Reserved.

31 Comments »

My Alzheimer’s Nightmare

ribbons-clipart-alzheimers-168094-9406099

 

Today is Mother’s Day – and I salute all of the Mothers of the world! But, I’m glad that my own mother is dead and not dealing with my father’s Alzheimer’s.

My mother died in 2002. A couple of years before she died, my father began exhibiting signs of dementia: confusion, getting lost, argumentative behavior, etc. He did not handle her death very well. In fact, it sent him into a downward spiral. His behavior became more erratic and irrational. His sister talked him into moving near her so they could spend time together.

A couple of months later, my father met – and married – an elderly woman who had a reputation around town for being crazy. The marriage caused an uproar in the family. As people got to know my new stepmother, they began to realize just how crazy she really was. She threw temper fits when she didn’t get her own way. She swore like a sailor, while pretending to be a devout Christian on Sundays. She refused to contribute any of her own money to the household bills. She harassed my father constantly for money. Eventually, the word DIVORCE came up, and we all prayed it would happen.

It didn’t. My father stayed with this crazy woman, getting quieter, more depressed, and more confused. The police were called on more than one occasion because of her temper fits. Finally, against her better judgment, my aunt got involved.

In 2016, it became increasingly clear that my father needed to be evaluated by a neurologist. He was diagnosed with Alzheimer’s.

Alzheimer’s!!!!! Nobody in our family had ever been diagnosed with dementia, let alone Alzheimer’s. The prospects were frightening.

My father refused to take his medications, and my stepmother refused to help him. She refused to let home health into the house to help him. My aunt became ever more involved, checking up on him to make sure he was okay, and coaxing him to take his medications. She got into terrible fights with my stepmother over his lack of care.

Adult Protective Services were called. But they were limited in what they could do. They could not FORCE my stepmother to take care of my Dad or FORCE my father into a nursing home. My aunt and I became more and more frustrated. We knew it was an unsafe situation, and there wasn’t anything we could do.

When my father drove off one day in his van and disappeared for three days, a nation-wide Silver Alert was announced. My stepmother knew he had disappeared and never bothered to call the police. It was my aunt who called them when she discovered he was gone. My Dad saw himself on TV in a convenience store hundreds of miles away, and the cashier called the police. Thank God!

My aunt and I hounded APS after that because my father absolutely refused to go into a nursing home. And my stepmother continued to neglect him and leave him alone for hours at a time, even though she was told not to do that.

Finally, when I was visiting with my father and asking him questions, I began to wonder if my stepmother was even feeding him. He had lost a lot of weight and couldn’t seem to remember when or what he was eating. When I began snooping through the cupboards and refrigerator, I didn’t find much food. I made another report to APS.

By this time, the APS worker had had several run-ins with my stepmother and developed a distinct dislike for her. She decided to act. She spoke to her supervisor, and they made a point of investigating the food situation in the house. After finding little food, and compiling a report on my stepmother’s neglect, they approached a judge, who court-ordered my father into a nursing home. When the case came up for review a few months later, the order was upheld by the judge. The relief we all felt was overwhelming.

Once my father was safe, it became clear that my stepmother could not take care of herself. She refused to pay any bills, and raided as much money as she could from my father’s funds. It took a while, but my aunt finally convinced my stepmother’s children to come and get her and take her home with them to a neighboring state. We were glad to be rid of her!

Alzheimer’s is a terrible disease that robs a person of their identity, their dignity, and their self-respect. It does not kill quickly like cancer. It drags on for years, draining family finances and resolve. My father’s condition has caused a big split in our family over legal and financial matters. And then there’s the guilt – for, no matter how much or how little you do, it will never be enough or the right thing or the thing that satisfies other people.

If you’re struggling with a family member who is suffering from Alzheimer’s, YOU ARE NOT ALONE! We are all in this together.

Dawn Pisturino, RN

May 10, 2020

Copyright 2020 Dawn Pisturino. All Rights Reserved.

 

3 Comments »

Nominated March of Dimes 2017 Nurse of the Year

Nurse of the Year Logo

 

 

I felt honored when a co-worker recently nominated me for a March of Dimes 2017 Nurse of the Year award. Thank you, Jessica!

 

Dawn Pisturino, RN

March 28, 2017

Leave a comment »

%d bloggers like this: