- Creating a strong culture of healthcare cybersecurity, including employee education, risk assessments, and information sharing are all essential aspects for healthcare organizations currently, according to industry stakeholders.
Cook Children’s Health Care System Senior VP & CIO Theresa Meadows explained in a recent CHIME blog post that healthcare IT teams must understand potential threats to respond to them in the best way and mitigate damage.
Building a culture of healthcare cybersecurity is one key step, she wrote. This includes educating employees about the threats and underlining the need for proper cyber hygiene.
“Know the strengths and weaknesses of your cyber infrastructure and practices,” added Meadows, who is also chair of the Health Care Industry Cybersecurity Task Force. “Assess risks, including staff noncompliance to safe practices, and determine a plan to address or mitigate those risks.”
Furthermore, organizations need to establish an ongoing education program for all employees about cybersecurity and cybersecurity threats. Good security practices must be enforced, she stressed.
“Address myths. There are many myths about cybersecurity, for instance, that appropriate security controls decrease productivity,” Meadows said. “Use your C-suite and physician champions and educational sessions to debunk those myths.”
Patients must also understand the consequences that stem from inadequate security measures. With medical device security for example, patients should know how they may be affected if a device is added to a network but appropriate security measures were not taken.
“Don’t allow complacence. There is an overall trust in healthcare that a cyber incident could never happen to an individual’s organization,” Meadows maintained. “The WannaCry and Petya attacks earlier this year have helped to convince some that the threat is real and universal. In truth, every organization no matter what the size, is at risk, and it is critical to have a plan in place to address that risk.”
HIMSS Director of Privacy and Security Lee Kim also discussed healthcare cybersecurity best practices in a recent blog post, further stressing the need for proper education at all levels.
“More people are interested in learning about healthcare cybersecurity (and cybersecurity generally),” Kim wrote. “However, I have also found that the ‘depth’ to which they want to learn may vary. Getting too technical with jargon may lose many people. Cybersecurity information (and education) must be communicated in a way in which anyone can understand it.”
Increased cybersecurity literacy and awareness can also reduce risk from the human element, she added. Organizations need to “stay ahead of the threat” and an enthusiasm for learning more about healthcare cybersecurity will aid entities in that strategy.
“While not everyone may want to be in the trenches of cybersecurity, people want to learn more about how cyberattacks occur and how they can do their part to protect their organization and its assets,” Lee said. “This is a great development. It used to be that people really did not care about cybersecurity (or the hidden dangers).”
Information sharing will also be essential in strengthening healthcare cybersecurity measures, she continued. Collaboration will help organizations stay ahead of threats, both inside the industry and in other sectors (i.e. financial, manufacturing, energy).
“Either we learn about threats that may occur (but have not happened yet in the field) or we may learn about threats that may have already occurred to other entities, either within our healthcare sector or external to our healthcare sector,” Lee stated.
Overall, the increase in interest is a positive step forward for healthcare, she concluded.
“Whether you are a seasoned IT security professional, physician, nurse, office manager, or an informaticist that now has cybersecurity responsibility at your organization (or an up and coming professional in the field), we need your help to improve the state of healthcare cybersecurity,” Lee said. “In closing, I am sincerely appreciative of everyone who is helping us fight the good fight.”