Cybersecurity in Healthcare – The Human Factor

By Kristi Syling, Compliance Officer at PerfectServe
Twitter: @PerfectServe

Following the Anthem breach and the more recent Premera breach, cybersecurity and the protection of patient data are top of mind for every organization in the healthcare industry. Every cybersecurity solution out there will tell you they have the latest and greatest technology for detecting the bad guys and keeping them out. The truth is, you can have the best systems in the world, but how your staff interacts with the technology is just as important. For example, if a phishing email makes its way to a staff person’s inbox, all it takes is one employee to activate a malicious file on their desktop and the bad guys have access to your entire network.

Cyber-criminals are advancing right along with technology, so educating your staff is an absolute priority. However, it can sometimes be a challenge to get everyone on the same page. Here are some tips to ensure organizations are in the best position to protect against today’s evolving threat environment:

  • Bring all departments into the fold – Security isn’t just the realm of the IT department. All groups, on both the clinical and administration sides, need to have a stake in the protection of patient data. An internal security committee made up of representatives from each department can make sure that all groups, including board members and the C-suite, have buy-in. The group should also conduct formal risk assessments and identify any areas at risk for a data breach, then develop plans to educate and communicate protocols throughout the organization.
  • Spread the word on new procedures – To ensure cybersecurity measures are taken seriously across an organization, the message needs to be delivered from the top and repeated often. Organizations must provide employees with training sessions on a regular basis, frequent reminders to speak up about suspicious emails, and prompts to change passwords regularly and encrypt communications that contain protected health information. This way it’s clear that the matter isn’t taken lightly.
  • Learn from recent cyber-criminal activity – Cyber-threats are a new territory for everyone. Use recent breaches and cyber-criminal activity to educate your staff and provide training. Chances are that when the media is covering a breach, people will be interested in learning how to protect themselves both at home and at work.

Unfortunately, these cyber-criminals are advanced in their tactics, and there’s no end-all-be-all solution to guarantee they are kept out of your organization. But there are ways to make it harder for them to get in, and it starts with educating your team on security best practices, as well as how to recognize a potential threat.

This article was originally published on The Connected Clinician and is republished here with permission.