Healthcare Data Security Requires Active Employee Participation!
The healthcare industry is being ravaged by threats that show no sign of abating. Increasing ransomware attacks can seriously cripple hospital networks and hamper services. Healthcare data is highly prized on the black market because there are several lucrative ways to use it for fraudulent purposes, making it a more attractive target than financial or other types of personal data.
Even as hospital security teams understand these threats, worry about the theft of sensitive patient data, and invest in technical controls to protect their networks, they frequently overlook the human element in security. Most hospitals have an effective security policy, but without adequate awareness and training, staff might open suspicious links or take needless risks that compromise it. They need to be educated on secure, risk-free behavior and the essential strategies to ensure data security.
A security campaign for healthcare workers needs to develop gradually as an ongoing behavioral program that starts with a high-level risk assessment to identify organizational issues and how staff behavior affects them. Device malfunction, system outages, and stolen or manipulated data all contribute to risks that staff need to be made aware of, along with how to react to each.
The content of the behavior-change security program should be interesting. It is essential that it is not generic but aids workers in understanding the importance of security and their role in protecting data. Ensuring that only relevant information reaches each employee increases the attention paid to this information, which should be constantly reinforced at teachable moments. Depending on the organization, gamification may also be used effectively to encourage appropriate practices.
The security behavioral program should empathize with healthcare workers and seek to integrate data security into their daily responsibilities alongside patient care.