Cyber security and what you need to know

Guest author Frank W. Nagorka, JD, EMT-P

It is simply impossible to go more than a day and not see a news article talking about a data security breach. It is absolutely vital in Emergency Medical Services that we safeguard data and harden the tools that we use every day to communicate and run our operations. The purpose of this brief article is to provide you a glimpse of the issues involved and make some concrete suggestions to help you do your job even better.

High efficiency organizations are by their very nature data driven. Data makes our organizations both strong and weak. It makes them strong because with data and an understanding of that data efficiency ensues and resources are used well. Data, or rather the lack of it, can weaken your organization if access to that data is either impaired or destroyed. For example, ransomware can stop your business in its tracks. Ransomware can be defined as software surreptitiously installed on your business that locks down your data and requires you to pay a ransom to have your data unlocked and made available to you. If you don’t have backup, that will allow you to restore your data to its uninfected state, you may literally be put out of business. There is no good evidence that even if you pay the ransom that your data will become unlocked. Thus, it is imperative that you have a comprehensive and from the ground up cybersecurity policy. 

Malware can take a variety of forms and the ransomware phenomenon is but one of them. For example, all of us have heard of computer viruses and no doubt we all have taken steps to make certain that our systems are not infected. However, just because you have an antivirus program does not mean that you have met the standard of care for keeping your system safe. 

Perhaps the best way to make certain that you have taken all the necessary steps to protect your computers and assorted peripherals from cyber-attack is to perform a security audit. Do not think that your IT staff can handle this security audit on its own. You should consider retaining an outside consultant to perform a thorough security audit and carefully consider the recommendations contained within the audit. At a very minimum, you will have a plausible legal defense should your computer systems become compromised. 

Some EMS providers only look to their computer systems when they consider cybersecurity.  However, the IoT (Internet of Things) is becoming a consideration for those in the know. For example, ambulances have GPS units and automated features on ambulances and radios. So as is evident, emergency services have to be continuously vigilant to protect their assets, their employees, and their patients. There have been reports that certain vehicular systems (telematics) have been compromised. You certainly do not want to be the poster child for the failure to harden and safeguard your assets. In reality anything that is connected to a network can be compromised, so it only sensible to review your assets to determine what is vulnerable. A great question to ask at this point is what is your touch point for reliability? When people seek out emergency services, they expect it to be timely and reliable. 

The best practices path would be to outsource a review of any system that has a connection to the internet.  You should listen closely and perform a risk benefit analysis and move forward. The default position is generally to do nothing but that is not you, is it?

This document is intended for general information purposes only, and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. This document can’t be assumed to contain every acceptable safety and compliance procedures or that additional procedures might not be appropriate under the circumstances. Markel does not guarantee that this information is or can be relied on for compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. Persons requiring advice should consult an independent adviser.  Markel does not guarantee any particular outcome and makes no commitment to update any information herein, or remove any items that are no longer accurate or complete. Furthermore, Markel does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content.

*Markel Specialty is a business division of Markel Service, Incorporated, the underwriting  manager for the Markel affiliated insurance companies.
© 2022 Markel Service, Incorporated.  All rights reserved. 
Was this helpful?