Hospices Face Cybersecurity Risks

Increased technology utilization in end-of-life care has come with innovative care delivery opportunities alongside cybersecurity risks.

Hospices have widened the breadth of ways they leverage technology including artificial intelligence-assisted (AI) patient therapies to boost quality and use of predictive analytics to improve access and length of stay. Additionally, hospice providers have also integrated various electronic medical record (EMR) systems that build operational efficiencies and create standardized processes that have helped improve compliance.

Technology is gaining momentum in end-of-life care delivery, with hospices carefully navigating the opportunities and risks, according to Jody Rudman, partner at the law firm Husch Blackwell.


“AI in the health care space is … a bit of a double-edged sword because as amazing as the frontier is that we’re currently in, there is a flip side to that [of] risk,” Rudman said during a recent Husch Blackwell podcast. “That presents the opportunity to figure out prospectively how to keep risks at a minimum. It’s a terribly exciting frontier, we just need to go in it with caution.”

Patient data protection is paramount during a time of evolution in health care, according to Rudman. Hospices have faced increased risk of cybersecurity threats that have included incidents of exposed private health information belonging to patients.

The scope of cyber-related health care crimes has expanded in terms of the types of fraud and malfeasance, particularly in the end-of-life care space, according to Meg Pekarske, partner at Husch Blackwell. The impacts of cybersecurity breaches can be particularly difficult to navigate among vulnerable terminally ill patient populations, Pekarske said.


Hospices need a firm understanding when it comes to both the impacts and types of cybersecurity threats, she indicated.

“The scale is different of all this cyber crime, like being able to sell [patient] data,” Pekarske said. “Some of this is playing out in a different way and in a different scale of human frailty. It’s a lot to think about in terms of how much you spend on IT professionals and what your budget was 10 years ago versus what you need now.”

Data breaches can be expensive for hospices to manage in terms of responding to any associated monetary fines and making robust security enforcement changes, Rudman stated. Responding to cybersecurity issues can also include the utilization of extensive operational resources alongside possible litigation, she added.

The ability to weather regulatory or legal concerns involves timely responsiveness to patient data breaches and solid practices around AI and predictive analytics utilization, Rudman said.

Ensuring that IT professionals are well-versed in potential compliance red flags, such as documentation errors, is key for hospices to build systems that identify areas of risk, Pekarske stated. Additionally important is budgeting for both staff training and ongoing updates to technical systems that safeguard against patient cyber safety threats, she added.

Regulators are narrowing focus on how hospice and other health care providers are maintaining patient data security, with negligent practices among their concerns, Pekarske said.

Hospices need to prepare for greater regulatory oversight related to cybersecurity as federal and state watchdog agencies increasingly seek ways to curb fraudulent activity, according to Rudman. Hospices that have experienced some form of cyber security breach may see increased scrutiny as regulators keep a close watch on hacked organizations, she stated.

“Data privacy and cybersecurity are going to be an important function of state [law] enforcement for the next several years, and particularly with the FBI and its cybersecurity task forces will want to go after the bad guys that are hacking and infiltrating the hospices and the health care clients,” Rudman said. “[It’s] thinking about crisis and incident response and what you’re going to do if something like this happens. That ounce of prevention is really a great idea these days.”

Companies featured in this article: