Valuable Security Assets Are Human, Not Technical

You already know that the biggest threat to healthcare IT security is the human element. But if human beings are the greatest vulnerability, that also makes them the strongest asset. Here’s why.

According to the 2016 HIMSS Cybersecurity Survey, the two primary healthcare IT security concerns among provider organizations (hospitals and physician practices) are phishing attacks (most pressing concern for 77 percent of respondents) and viruses/malware (67 percent). Both events require a responsive actor on the organization side of the transaction for hackers to access patient data.

It may seem like this is a rather straightforward problem to resolve—just make sure clinicians and staff have the requisite knowledge and are savvy enough to not get duped, and all is good. In reality, especially among larger organizations with hundreds of potential points of entry, turning human beings into alert sentries is a constant human behavioral challenge.

So what strategies can even a large healthcare organization employ to ensure that the people who use IT systems are firmly engaged in system defense?

Train, train and then train some more. A study by Wombat Security Technologies and the Aberdeen Group suggests that upgrading employee awareness can reduce security risk by anywhere from 45 to 70 percent. Among the highlights of the report are these bits of crucial and related information:

There is no such thing as a 100 percent secure IT system if it is used by people. It makes little sense to invest heavily in technology if you fail to effectively train system users.

An organization with $200 million in annual revenue can expect to lose $2.5 million per year from infections borne of employee behavior, with an 80 percent chance the loss could jump to $8 million annually. (Note that this is across organizations and not specific to healthcare.)

Don’t assume that any bit of information about system security—maintaining strong passwords, keeping mobile devices secure, navigating the internet safely and so on—is common knowledge to employees and staff. Someone may not know something that will cause your organization harm.

Your goal in training is to inculcate a culture of security that becomes second nature to every user beyond just IT staff. Indeed, you are working to expand the awareness of the IT team outward to all staff and employees.
According to the results of another recent survey conducted across industries by Experian Data Breach Resolution and the Ponemon Institute, there is room for much improvement when it comes to preparing employees.

HealthDataManagement

« Russian Citizen Charged With Hacking LinkedIn
US Banks Face New Demands To Protect Themselves From Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Detack

Detack

Detack is an independent supplier of IT security auditing and consulting services.

Workz Group

Workz Group

Workz connects and protects mobile subscribers of today and tomorrow by providing secure removable or embedded SIMs and remote provisioning solutions for consumer, M2M and IOT devices.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

Blue Lance

Blue Lance

Blue Lance is a global provider of cybersecurity governance solutions. Our software solutions automatically collect and store the information necessary for investigations, audit and compliance.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.

Pixee

Pixee

Pixee fixes vulnerabilities, hardens code, squashes bugs, and gives engineers more time to focus on the work that counts.

SafeLiShare

SafeLiShare

SafeLiShare’s data security platform unifies encryption strategies for organizations with hybrid and multi-cloud infrastructures, ensuring data is secure regardless of its location.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.

Softsource vBridge

Softsource vBridge

Softsource vBridge are an ICT systems integrator providing specialist technology solutions, professional services, technical expertise and data centre services.