CIOREVIEW >> Healthcare >>

Healthcare Data Security Requires Active Employee Participation!

By CIOReview | Monday, April 16, 2018

The healthcare industry is being ravaged by threats which show no sign of abating. Increasing ransomware attacks can seriously cripple hospital networks and hamper services. Healthcare data is highly prized on the black market as there are several lucrative ways to use it for fraudulent means, making it a more attractive target than financial or other types of personal data.

Even as the hospital security understands these threats and worry about the theft of sensitive patient data and invest in technical controls to protect their network, they frequently overlook the human element in security. Most hospitals have an effective security policy, but without adequate awareness and training, the staff might open suspicious links or take needless risks that compromise on it. They need to be educated on secure, risk-free behavior and the essential strategies to ensure data security.

A security campaign for healthcare workers needs to gradually develop as an ongoing behavioral program that starts by conducting a high-level risk assessment to identify organizational issues and how staff behavior affects them.  Device malfunction, system outrages and stolen or manipulated data contribute to risks that staff needs to be made aware of, along with how to react to each.

The content of the behavior-change security program should be interesting. It is essential that it is not generic but aids workers in understanding the importance of security and their role in protecting data. Ensuring that only relevant information reaches each employee increases the attention paid to this information, which should be constantly reinforced at teachable moments. Depending on the organization, gamification may also be used effectively to encourage appropriate practices.

The security behavioral program should empathize with healthcare workers and seek to integrate data security into their daily responsibilities alongside patient care.