A large percentage of the reported breaches can be traced
back to human error. Physical security controls break down because a door is
left open. Technical controls break down because a user ID or password is
posted on a sticky note on a computer monitor, or because account credentials
are shared and the task at hand absolutely, positively needs to be done right
now.
Professionals working in the healthcare industry possess
a zeal for protecting the health of their patients and improving how that
support is provided. No legitimate employee wants to intentionally do something
to adversely impact the health of a patient.
Health IT is about promoting the use of IT to support the
healthcare mission. Health IT is all about providing high-quality care more
efficiently, faster and cost effectively by using software and hardware
technologies that have transformed countless other industries. However, these
technologies cannot be deployed without considering the potential new cyber
risks introduced to an organization.
An obvious manifestation of healthcare IT is the
continuing transition from paper-based records to digital health records. But
it does not end there, as wireless technologies have enabled medical devices to
become extended diagnostic and reporting nodes on an increasingly networked IT
infrastructure that shares patient medical records, billing records, financial
records and burgeoning software applications—all accessing databases housed in common
server structures.
How can this extended enterprise be protected? One
approach can be extracted from the "Stop. Think. Connect" campaign
administered by the U.S. Department of Homeland Security (DHS). The intent is
not to make everyone a cyber security expert or to unduly raise fear,
uncertainty and doubt—the intent is to bring some sense of awareness of cyber
security to the general population. The goal of this campaign is to make
someone think—even for half a second—before they take action online.
Do you have a secure connection to the server where you
are about to input your credit card information? Are you authorized to access
the data records you are about to request? Should you post personal information
online for anyone to see? Simply hesitating to consider your actions before
blindly clicking on that link can help prevent obvious human errors from
occurring.
The board of directors of a healthcare organization has a
myriad of concerns—providing sound patient care, maintaining financial viability
and leveraging IT to enhance their operations. Just as healthcare
professionals run their departments, the IT infrastructure should be run by cyber
security experts who are cognizant of the constantly evolving threats and who mitigate
the resultant risks to the organization. Since there is never enough budget or
staff to throw at a non-mission-essential, yet critical, area such as cyber
security—how can the board cope?
Raise the cyber security awareness of the overall
organization with role-appropriate cognizance of the consequences of individual
actions and how easily one click on an inappropriate link can compromise an
entire network—ultimately leading to the compromise of personal health records.
What is one effective way to overcome this challenge?
Establish a cyber security awareness program.
Create and operate a cyber security awareness program so that
individuals realize they play key roles in protecting the digital
health of patients—just as they play direct roles in protecting the physical health
of patients.