Security Technology Executive

MAY-JUN 2016

Issue link: https://securitytechnologyexecutive.epubxp.com/i/690996


SECURITY TECHNOLOGY EXECUTIVE • May/June 2016 • www.SecurityInfoWatch.com

SECURING HEALTHCARE

can steal Social Security numbers, birthdates, patient-provider numbers, and other personal information. These can be used in anything from building false identities to filing false insurance claims.

In some cases, the biggest threats to healthcare facilities are their own employees. Almost a quarter of security incidents in healthcare in 2015 were caused by employees misusing their privileges[xv]. In other cases, employees are a gateway for cybercriminals. More than three-in-ten breaches in healthcare in 2015 were the result of lost or stolen information assets (i.e. USB flash drives, laptops, mobile phones), and close to one-in-five were the result of a miscellaneous employee error[xvi].

Healthcare systems are also unintentionally opening a door to cybercriminals as the push continues to modernize health data storage. Hospitals and health insurance providers are moving to cloud-based systems that allow for easy access to medical records by doctors, nurses, administrators and patients. While this makes a visit to the hospital or doctor's office more efficient, it also opens a virtual entry point that can be accessed from anywhere in the world.

You must start by educating employees when dealing with the threats of cyber-attacks on an organization. They need to understand the latest best practices when it comes to operating a health data network. This includes avoiding emails and attachments from unknown senders and not sharing personal information via email. A well-trained staff will be able to identify risks before they happen.

Health data networks must also upgrade their security. While there are many conversations across the industry about using technology to modernize healthcare, it is vital that advances in technology are accompanied by advances in security. This includes building a skilled and trained team of information data security professionals who can monitor for attacks and maintain a current, protective firewall.

The Role of Education in Planning

Security risks are evolving at such a rapid pace that organizations of all sizes are struggling to maintain a security workforce with the skills necessary to thwart criminal actions. A good plan needs a team of trained professionals with a strong set of soft skills to be properly executed. As leaders in education, it is our duty to work with industry leaders to arm our students with the skills they'll need to face current and future security challenges within the healthcare industry.

At the University of Phoenix, we're preparing to launch the Cyber Security and Security Operations Institute, which represents the convergence of cyber and physical security. It will prepare students with the training and competency to address 21st-century security risks and the skills to adjust to future challenges.

We have also worked with security industry partners to develop the Enterprise Security Competency Model, a first of its kind set of competencies that is the initial step toward aligning skill sets needed to improve security across all industries. This includes the healthcare industry where a skilled and trained security workforce is vital to protecting the delivery of care to those who need it.

When it comes to protecting the healthcare system, the best defense can sometimes be a good offense. It is critical that the healthcare and security industries work together to ensure all employees of healthcare facilities are adequately trained to protect themselves and their patients from harm.

About the Authors:

Mark Logan is an assistant dean with University of Phoenix College of Security and Criminal Justice and the director of the University of Phoenix Center of Research Excellence.

Dr. Kirsten Hoyt is the Academic Dean with University of Phoenix College of Information Systems and Technology and the co-director of the University of Phoenix Cybersecurity and Security Operations Institute.

Notes of Reference:

[i] U.S. Department of Public Health and Human Services; Incorporating Active Shooter Incident Planning Into Healthcare Facility Emergency Operations Plans, page 5
[ii] The Center for Disease Control; Public health preparedness and response in the USA since 9/11: a national health security imperative
[iii] U.S. Department of Justice; A Study of Active Shooter Incidents in the United States Between 2000 and 2013, page 6
[iv] U.S. Department of Justice; A Study of Active Shooter Incidents in the United States Between 2000 and 2013, page 40
[v] U.S. Department of Justice; A Study of Active Shooter Incidents in the United States Between 2000 and 2013, page 43
[vi] Healthcare and Public Health Sector Coordinating Council; Active Shooter Planning and Response in a Healthcare Setting, page 2
[vii] ibid
[viii] Healthcare and Public Health Sector Coordinating Council; Active Shooter Planning and Response in a Healthcare Setting, page 2
[ix] Healthcare and Public Health Sector Coordinating Council; Active Shooter Planning and Response in a Healthcare Setting, page 8
[x] U.S. Department of Public Health and Human Services; Incorporating Active Shooter Incident Planning Into Healthcare Facility Emergency Operations Plans, page 11
[xi] NBC News; Hollywood Presbyterian Medical Center Pays Hackers $17K Ransom
[xii] The Washington Post; MedStar Health turns away patients after likely ransomware cyberattack
[xiii] Symantec; Internet Security Threat Report, April 2015, page 82
[xiv] Federal Bureau of Investigation; Healthcare Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain
[xv] Verizon; 2016 Data Breach Incident Report: Healthcare
[xvi] ibid
