Build the CyberSecurity Culture Your Hospital Needs, Part 1: Strategic Essentials

Hospitals are overdue. Their affirming HIPAA compliance is one thing — a very good thing — but it’s not enough to protect them from the dangerous cyber attacks the healthcare industry experiences every day. A giant leap from basic regulatory compliance to the challenging achievement of a genuine cybersecurity culture is needed. Healthcare workers must become highly sensitized to identifying the risks of criminal or inadvertent compromise to valuable personal, patient and organizational data, and then understand how to overcome potential threats effectively. Even with institutional policies, security officers, training programs, and technology-based security protections in place, many individuals continue to make poor decisions that expose important data to extreme risk of compromise and theft.

Your staff, executives and vendor partners must arrive at the point when they’re no longer learning about dangers and protections but have actually incorporated this knowledge into their mindsets and daily practice. Most security professionals know this is easier said than done. Twenty years from now, perhaps consistent security awareness will be second nature for healthcare workers, as it already is for most bank employees — without learning hard lessons from painful breaches first.  Let’s talk about how a transformative cybersecurity culture can be built proactively, starting today, instead of waiting until the worst happens to your hospital.



Service Desk: The First Line of Defense In Hospitals’ Shadow IT Crisis

Shadow IT is a concern for nearly 90% of organizations responding in a recent HDI research report about unauthorized cloud app use and its impact. As I reported in a post last year, the average healthcare organization uses an astounding 928 cloud services, but their IT departments reported knowing about just 60 cloud services on average. Employees bring cloud services into their work places for increased productivity, usually without the knowledge of IT, sometimes creating serious security risks. There is no one better positioned than the IT support center to help manage the use of shadow IT and mitigate the risks to your hospital. How?