To 'do no harm,' invest in cybersecurity

When it comes to cybersecurity issues, many in the healthcare industry likely recognize the importance of protecting patient medical data. 

However, as Fairview Health Offices Chief Information Security Officer Judy Hatchett and Proofpoint managing director of health practice Ryan Witt pointed out in a recent HIMSS20 Digital presentation, cybersecurity is also about protecting patients themselves.

“‘Do no harm’ is a principle that I know … providers hold dear,” said Witt in his talk with Hatchett, Why Cybersecurity Is a Core Component of Patient Safety. “Patient safety is a component of that.”

Witt, a HIMSS Cybersecurity, Privacy & Security Committee member, explained that security and data breaches can lead to service outages at healthcare facilities, which in turn can compromise patient health in a real way.

When a facility has “downtime as a result of a cyberattack, almost by definition you are doing your patients harm,” Witt said.

According to a 2019 American Medical Association-Accenture Medical Cybersecurity Survey, 36% of health institutions were unable to provide care for at least five hours as a result of cyberattacks.

“Any sort of cybercriminal activity that drives downtime, that interrupts your system … is potentially impacting patient care,” Witt said. 

Hatchett and Witt said that the majority of cybercrime occurred using phishing – with bad actors often impersonating trusted contacts like the Centers for Disease Control and Prevention, the World Health Organization, and others. 

This tactic is especially notable amid the coronavirus crisis, they said, as message recipients are more likely to be looking for reliable information from health organizations.

“Any time of email compromise is always going to be the number one threat vector,” said Hatchett.

However, she said, it’s also vital to be conscious of the ways a system is protecting connected medical devices, both for the sake of patients who rely on those devices and for the security of the system itself.

Hatchett and Witt also warned about employees’ habits of posting too much information about their professional role on LinkedIn or other social networking sites, as it may make them a target for criminals.

This is especially true for those who hold more frequently attacked positions, such as nurses, pharmacists and researchers.

“Who doesn’t want to brag about what they do on LinkedIn?” Hatchett said. “But there is some risk in doing that. … Put some thought into how much you’re putting out there.”

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.
