Two of the biggest buzzwords in today’s headlines are “healthcare” and “cybersecurity.” As the new administration has taken significant steps in repealing and replacing the Affordable Care Act, questions about personal information flood the inboxes of the legislators. Additionally, continued concerns about the security of classified information, personal sensitive data, and more plague the citizenry as anonymous hackers leak passwords and dossiers.
Now more than ever, cybersecurity for healthcare data is urgent. Healthcare institutions are notoriously behind the times when it comes to adopting new technology, but because of public frenzy around data security, hospitals and labs are stepping up their measures.
In a now infamous case, Hollywood Presbyterian Medical Center suffered a severe security breach last February. Hackers took the hospital’s systems hostage by means of malware, withholding access to the data from the staff unless a ransom of 40 bitcoin, which loosely converted to $17,000, was paid. The FBI launched an investigation, and while the cybersecurity experts started designing a new method for preventing such an event from occurring again, the hospital was reduced to keeping pen-and-paper records for some time.
As embarrassing and potentially damaging as personal data hacks can be, hostage situations like the one that occurred in Hollywood can be deadly for the hundreds of patients who rely on functional hospital systems to keep them alive and well. The Office for Civil Rights released a statement in late February declaring that increasing the security of sensitive healthcare information is tantamount to national security.
One of the simplest measures? Corporate culture. At a recent cybersecurity forum specifically focused on healthcare, some security experts noted that most hospital employees don’t give security measures a second thought because their primary focus is their patients’ immediate needs and regular day-to-day business.
As I mentioned in my last blog about engagement, it’s really important that you get the buy-in when you’re rolling out new security measures. New security measures may be a nuisance, from the frequently changing passwords to the added layers of credentials needed to access information, but laying out the importance of the extra steps will help ensure that employees adopt the new practices. Continuous training and positive reinforcement will augment the initial rollout and foster the culture of caution and security.
The US Department of Health and Human Services recently released a document with 10 steps that will help cybersecurity measures work in tandem with the employees at an organization to keep hackers at bay. Some of those tactics include general safety and caution like securing smartphones and monitoring physical access to data. Other methods include programs and firewalls the companies can use to shield themselves.
In the modern era, we need to ensure that hospitals are safe from those who want to harm the public and incite fear. To achieve safety for our most vulnerable citizens, we need to combine air-tight programs for data security with strong and ongoing employee buy-in. That way, we stay safe no matter what.