Healthcare Data Security Requires Active Employee Participation!
The healthcare industry is being ravaged by threats which show no sign of abating. Increasing ransomware attacks can seriously cripple hospital networks and hamper services. Healthcare data is highly prized on the black market as there are several lucrative ways to use it for fraudulent means, making it a more attractive target than financial or other types of personal data.
Even as the hospital security understands these threats and worry about the theft of sensitive patient data and invest in technical controls to protect their network, they frequently overlook the human element in security. Most hospitals have an effective security policy, but without adequate awareness and training, the staff might open suspicious links or take needless risks that compromise on it. They need to be educated on secure, risk-free behavior and the essential strategies to ensure data security.
A security campaign for healthcare workers needs to gradually develop as an ongoing behavioral program that starts by conducting a high-level risk assessment to identify organizational issues and how staff behavior affects them. Device malfunction, system outrages and stolen or manipulated data contribute to risks that staff needs to be made aware of, along with how to react to each.
The content of the behavior-change security program should be interesting. It is essential that it is not generic but aids workers in understanding the importance of security and their role in protecting data. Ensuring that only relevant information reaches each employee increases the attention paid to this information, which should be constantly reinforced at teachable moments. Depending on the organization, gamification may also be used effectively to encourage appropriate practices.
The security behavioral program should empathize with healthcare workers and seek to integrate data security into their daily responsibilities alongside patient care.
By Tom Farrah, CIO & SVP, Dr Pepper Snapple Group
By George Evans, CIO, Singing River Health System
By John Kamin, EVP and CIO, Old National Bancorp
By Phil Jordan, CIO, Telefonica
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Dennis Hodges, CIO, Inteva Products
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
By Sven Gerjets, SVP-IT, DIRECTV
By Marie Blake, EVP & CCO, BankUnited
By Lowell Gilvin, Chief Process Officer, Jabil
By Walter Carvalho, VP & Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Marc Jones, Distinguished Engineer, IBM Cloud Infrastructure