No industry is spared from cyber-attacks. But some have greater consequences than others. When a hospital or medical group experiences a breach, people’s private and legally protected data can become public information with the click of a button. Attacks on healthcare systems are only growing, with the U.S. Government Accountability Office reporting increases in cyber-attacks every year. These incidents impact more than people’s privacy; they can cause extensive delays in necessary medical services and treatments, as evidenced last year in an attack on Change Healthcare.
There are certainly effective steps for stemming the flow of information in a leak, but – much like in medicine – preventative measures can make a huge difference in warding off serious damage. Getting ahead of data leaks means building security into patient care culture. This can be accomplished with the 3 E’s: expectation management, ease-of-use, and education.
Expectation management
Years of television and movies have led people to believe that a hacker looks like a nefarious villain dressed in all black, accessing data from far away behind a screen. We don’t often think a cyber breach could arrive in the form of a coworker, a vendor, or a client. But in reality, not all breaches are malicious. In fact, many HIPAA violations happen simply because people don’t associate their actions with privacy breaches.
Healthcare systems need to rethink expectations of what a threat looks like and build that perception shift into their security culture. Much like defensive driving, expecting cybersecurity threats from all angles, even the ones that seem familiar, prevents people from letting their guard down and unwittingly creating opportune circumstances for a data leak.
Ease of use
This piece of advice applies to all industries, and to any workplace that wants to set itself up for success when it comes to cybersecurity: keep it simple!
There are many doors through which a cyberattacker can access data, and similarly, there are many forms of protection that can be utilized. But when all these layers of defense live in different tools, with various passwords, multiple layers of authentication, and endless platforms to learn, users are more likely to skip a step or let something slip through the cracks. Simplifying your cybersecurity systems by keeping your lines of defense within a single, streamlined platform makes compliance easier and employees happier.
Education
People often ask me what the key to secure data is. In my years at Hornetsecurity, the technology has advanced and changed significantly, but my answer has always stayed the same: consistent training. Of course, robust, next-gen technology is a must no matter what. However, while many attacks can be fought off by technology alone, others slip through the best of systems due to human error. All it takes is one click on a harmless-seeming link in a phishing or scam email! As a result, it is essential for end users to have an understanding of cybersecurity threats and solutions to be fully effective.
Medical professionals protect their patients from harm on a daily basis and, with access to the right training, they can also safeguard sensitive data from bad actors. Thorough, comprehensive, and ongoing training of healthcare professionals is critical in order to protect medical information. Such training should include real-life examples that employees are likely to face in their specific sector and should be continuously updated to reflect advancements in the tools they use and the ways by which hackers might access them.
Healthcare is an industry of urgencies, and it’s perhaps unsurprising that cybersecurity might often take a back seat to other, more immediate matters. However, cyber-attacks in medical systems can be devastating to patients and have the capacity to hold up the delivery of life-saving medications, procedures, and insights. Armed with informed expectations, easy-to-use tools, and educational programming, healthcare professionals can pivot from stopping the bleeding to preventing the injury in the first place.
About the Author
Andy Syrewicze, Security Evangelist at Hornetsecurity, is a 20+ year IT Pro specializing in M365, cloud technologies, security, and infrastructure. By day, he’s a Security Evangelist for Hornetsecurity, leading technical content. By night, he shares his IT knowledge online or over a cold beer. He holds the Microsoft MVP award in Security.
Andy can be reached at https://www.linkedin.com/in/asyrewicze/ or the company website https://www.hornetsecurity.com/en/