Healthcare Data Security Requires Active Employee Participation!
The healthcare industry is being ravaged by threats which show no sign of abating. Increasing ransomware attacks can seriously cripple hospital networks and hamper services. Healthcare data is highly prized on the black market as there are several lucrative ways to use it for fraudulent means, making it a more attractive target than financial or other types of personal data.
Even as the hospital security understands these threats and worry about the theft of sensitive patient data and invest in technical controls to protect their network, they frequently overlook the human element in security. Most hospitals have an effective security policy, but without adequate awareness and training, the staff might open suspicious links or take needless risks that compromise on it. They need to be educated on secure, risk-free behavior and the essential strategies to ensure data security.
A security campaign for healthcare workers needs to gradually develop as an ongoing behavioral program that starts by conducting a high-level risk assessment to identify organizational issues and how staff behavior affects them. Device malfunction, system outrages and stolen or manipulated data contribute to risks that staff needs to be made aware of, along with how to react to each.
The content of the behavior-change security program should be interesting. It is essential that it is not generic but aids workers in understanding the importance of security and their role in protecting data. Ensuring that only relevant information reaches each employee increases the attention paid to this information, which should be constantly reinforced at teachable moments. Depending on the organization, gamification may also be used effectively to encourage appropriate practices.
The security behavioral program should empathize with healthcare workers and seek to integrate data security into their daily responsibilities alongside patient care.
By Michael Hedges, VP and CIO, Medtronic
By Susan Doniz, Global CIO, Aimia
By Scott Welty, VP-Retail Strategy, JDA Software
By Deborah Gash, VP & CIO, Saint Luke’s Health System
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Alberto Ruocco, CIO, American Electric Power
By Lisa Feldner, VC for Institutional Research & IT, North...
By Jim Kaskade, VP and GM, Big Data & Analytics, CSC
By Tom West, M.B.A., CIO, Nova Southeastern University
By Laura Jackson, Sr. Manager-Risk Management, ABS Consulting
By Bob Fecteau, CIO, SAIC
By Edward Grassia, CIO, Washoe County School District
By Henry Bailey, Global VP, Utilities IBU, SAP
By Elizabeth Hackenson, CIO & SVP of Global Business...
By Rosello, SVP & CIOO, Alliance Data Card Services
By Joseph Santamaria, CIO, PSEG [NYSE: PEG]
By Bill Schimikowski, VP, Customer Experience, Fidelity...
By Chad Lindbloom, CIO, C.H. Robinson
By Denise Zabawski, CIO, Nationwide Children's Hospital
By Charles Koontz, President & CEO, GE Healthcare IT & Chief...