In the healthcare space, the clinical workforce must be cyber aware, and conversely, the cyber security team needs to maintain clinical awareness. How can leaders reconcile knowledge gaps across disparate and complex domains? In this article, we discuss how cyber security leaders can increase cyber security awareness among healthcare professionals. We’ll provide intervention-based best practices for effective, quality outcomes.
The importance of cyber security in healthcare
Clinicians are focused on continuously delivering high-quality care to patients. From a clinical standpoint, physicians and nurses need medical implements, instruments, machines and apparatuses to simply work – regardless of cyber security details. In the same vein, due to healthcare’s intensity and sometimes frenetic pace, clinicians may ignore messages from the chief information security officer.
But the importance of data security in healthcare has never been more pronounced, and every clinician, regardless of pedigree or skill, must come to see that cyber security powerfully protects patient health. The compromise of critical patient data and its unauthorized use could place lives at risk. The unauthorized manipulation of treatment information, for instance, could lead to loss of life.
What to know about cyber security messaging
In order to avert negative cyber security outcomes, and to bring clinical staff on board with cyber security awareness and hygiene, “Messaging is key,” says Srinivasan Suresh, Vice President, Chief Information Officer and Chief Medical Information Officer at UPMC Children’s Hospital of Pittsburgh.
How to improve cyber security messaging
- Provide your clinicians with a ‘steady IV drip’ of information, says Cindi Carter, former Deputy CISO for Blue Cross, Blue Shield Kansas City, and currently a CISO for Check Point. “I think cyber security gets a bad rap,” says Carter. We need to elevate our brand beyond the stereotype of “hoodies and hackers” with “no social skills”, to let the clinicians know that we truly care about their work in caring for others, just as we care about protecting them. Security must be woven into the healthcare value chain. It shouldn’t be tacked on as an afterthought at the end, Carter explains.
- One of the most effective ways to involve clinicians in cyber security initiatives is to invite them to participate in the conversation at the very beginning, rather than waiting to bring them into the dialogue until after months have lapsed and major decisions have been made. “Secure From the Start” is a way to invite that collaboration across the organization, says Carter.
Cyber security as a component of quality care
Patients need quality care that sustains strong physical, intellectual and emotional health outcomes, and the protection of their healthcare data is a component of that. A cyber attack has the potential to affect a given individual’s or population’s physical health, and it may cause social and emotional difficulties should personal information become compromised and find its way into public view.
Creating the best clinical and cyber outcomes
“Patients need to get the best medical health outcomes” all the way around, “while having their data protected,” says Carter. It is a continuous challenge to “keep it private, share it with everyone”.
“At the end of the day, what is the quality of that experience going to be like?” Just as clinicians take the Hippocratic Oath, of which the first principle is to “do no harm,” cyber security practitioners are deeply rooted in human safety, both in the digital and physical realm. Working together to improve clinical and cyber security safety is the healthy way to go!
About Cindi Carter: At Check Point Software Technologies, Cindi is a Chief Information Security Officer in the Office of the CISO, committed to helping other CISOs achieve success in both strategic and tactical initiatives. Cindi possesses a firm grasp of the challenges surrounding the security, privacy, and risk management landscape, and is a trusted advisor within Check Point as well as for our customers. More recently, Cindi was the CISO for IntSights Cyber Threat Intelligence; Cindi also served as VP and Chief Security Officer at MedeAnalytics; and prior to that Cindi was the Deputy Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City. Cindi is also the founding president of Women in Security- Kansas City, and has been honored as part of SC Media magazine’s “Women to Watch in Cyber Security” list and in Cybersecurity Venture’s book “Women Know Cyber: 100 Fascinating Females Fighting Cyber Crime.”