The healthcare industry is arguably one of the most
information-intensive. Personal health data is part of a critical pathway that
impacts our everyday lives and health. The integrity and confidentiality of
these data are paramount, not only for individual well-being but for continued
innovation within the industry.
Being part of the big data revolution, at a time when the
landscape of cybercrime has never been so threatening, has meant that the
healthcare industry is a prime target for cyber-attack. In 2014,
the FBI issued a warning that the healthcare industry was
neglectful in its attitude to cyber-security threats when compared to other
industry sectors. The result of this is borne out in evidence found by IBM
X-Force Research, which shows that the healthcare industry was the most
frequently attacked industry in 2015. This is likely due to the unique position
that the healthcare industry finds itself in: Healthcare faces a gap between
handling the massive data generated by the wider industry, and understanding
and mitigating the threats posed by cybercrime.
The situation is also compounded by the speed at which
technology is changing. New ways of generating sensitive information are
entering the information arena. According to research by PWC, 86% of
clinicians believe that mobile apps will be an important part of patient health
management in the next few years. And the entry of the internet of things (IoT)
into healthcare adds a new layer of data protection not previously experienced.
With all of these variables coming into play, we need to
take a pro-active stance and build a program of security awareness. Security
awareness uses education and knowledge to tackle the specter of security
threats, in all its forms. Security awareness covers the whole gamut of
security and builds a knowledge base of security issues across your extended
workforce, which they can call upon to help mitigate risks. Security awareness
training brings everyone in the organization together under an umbrella of
training. It ensures that the playing field of knowledge around cyber security
threats is level. Security awareness is about:
- Creating a culture of pro-active security: understanding what is happening in the wider security landscape, such as the significance of phishing
- Creating a respect for individuals’ privacy
- Knowing what protected health information (PHI) actually is and why it needs to be protected
- Understanding that security is part of the whole organization and impacts everyone
- Knowing which security and privacy rules apply to healthcare and what impact they have
Done well, security awareness training can become as
integral a part of your overall security strategy as the technology you use to
prevent the cyber-attacks.