
From March 12-18, 2017, healthcare organizations across the country are celebrating Patient Safety Awareness Week. While the campaign's traditional focus has always been reducing harm in on-site care, information security is also critical to patient safety. An organization's inattention to cybersecurity can be dangerous to patients, affecting their safety, identity and financial welfare.
Because exploitable information in an electronic health record (EHR) brings a high price on the black market, IBM predicts the industry will continue to see a growing number of threats in 2017. Despite being under constant pressure to lower healthcare costs for consumers, healthcare organizations simply cannot afford to make cyber security a low business priority. Instead, they must invest in establishing best practices, processes and technologies to protect health data and sustain patient trust.
Here are four tips healthcare leaders, and those in other industries, can consider in order to better protect their patients' and their customers' information, finances and safety:
Identify your vulnerabilities.
To address the growing number of cybersecurity threats, healthcare organizations must strengthen their security strategy and adopt a defense-in-depth approach with multiple layers of protection. In order to create an integrated data protection plan, organizations must first thoroughly assess their risk and identify where their most critical information travels and is stored. This information should be protected with technology that resides at the file's core, securing data when it's both in use and at rest.
Weave security into your organization's culture.
According to IBM, 68 percent of all network attacks targeting the healthcare industry came from within, two-thirds of which were unsuspecting employees who fell victim to phishing scams, lost laptops, misconfigured servers, etc. For this reason, it is imperative that organizations within the industry establish a security-first culture. This starts from the top-down, with business leaders setting a good example by taking responsibility for turning data security into one of the organization's core values through frequent and on-going training.
Protect data on mobile devices.
Mobile computing devices and "smart" technology have enabled significant strides in integrated and holistic medical care. Remote outpatient clinicians, home care clinicians, health insurance providers and patients themselves rely on everything from tablets to heart monitors to collect, store, and access personal health information (PHI) and personally identifying information (PII). Maintaining availability, confidentiality, and integrity of this data is critical, whether the device itself is on- or off-line. Additional risk arises if these devices are lost, stolen or breached. Organizations can gain a better handle on their employees' and patients' devices with data protection that encrypts, shreds and securely stores data, in real-time, without creating any noticeable changes to the end-user. Additionally, healthcare organizations should develop and enforce policies that specify circumstances under which devices can be removed from the facility.
Create an effective incident response plan.
Cybersecurity threats are part of daily operations, in healthcare and in other sectors, and they can happen at any time. Organizations should have a well-trained cybersecurity response team on-call, but they should also have policies and trainings for non-IT employees so everyone knows what to do in the critical minutes following a system breach. Breach response plans must be up-to-date and immediately implementable to prevent a stall in operations, especially in healthcare organizations where every second counts in saving lives.
What do you think? Share comments and feedback with our senior reporter Ariel Robinson on Twitter at @ArielAtWork or by email at ariel@washingtonexec.com!