As the health care industry continues to grow, the threat of cyber crimes and breached databases loom large. Cyber security professionals are unanimous in the assertion that the weakest link in any computer system network is the user. Regardless of the protection mechanisms in place, the user represents the single greatest risk of system compromise.
According to the Department of Health and Human Services, the ability for the health care industry to guard itself against cyber-attacks is paramount. Not only is it necessary for health care institutions to protect their systems from breaches, it is also immensely important that they have the necessary insurance coverage to ensure that they are able to cover the costs associated with a breach.
The Presence of New Threats Drive New Practices
Because the greatest risk - the user - cannot be easily fit into a rigid security protocol, it becomes necessary to develop a well-conceptualized list of best practices that will reduce the risk of system compromise due to user error. According to a report released by the SANS Institute, new threats are driving the need for improved practices concerning cyber security.
Establishing the Proper Security Culture
When it comes to creating a security-focused protocol, it must be done through practices that are built in, instead of being bolted in.
In other words, it is best accomplished through the conduit of culture.
Something as complex as cyber security cannot be effectively managed through the use of a checklist: it begins with fostering a mindset among users that compels them to seek to protect the network systems by following security protocols. Some of the key components that will help to create this kind of culture are:
- Consistent education and training programs that are frequent and detailed in scope
- Developing a mindset of accountability, holding users responsible for how they access and use the system, an understanding of security measures, and consistently stressing security as a core value
- Managers and supervisors setting a good example, resisting the natural urge to practice exceptionalism
Protecting patient and employee information should be something that becomes second nature within healthcare institutions.
Protecting Mobile Devices and Laptops
The technology revolution has put the best technology available in the hand of the private consumer, and these individuals are using these devices to access company networks. While this has its advantages, one of the negative implications of this behavior is its high security risks. Mobile access has facilitated the complete untethering of Electronic Health Record from the desktop, making it available over numerous mobile devices.
The fact that the devices are often personal devices means there is a high likelihood that a user will have a third-party application that can compromise the security of data. This makes the transportation of data via a mobile device is extremely risky.
Liability Insurance Coverage for Breaches
As health care institutions continue to increase the amount of personal data that they store, the risk of data security systems being breached also increases. Anytime that a data breach occurs, and personal information is compromised, the chance of lawsuits increase. This is why health care companies must consider the need to invest in cyber liability insurance to counter the potentially devastating effects of a cyber attack, as well as the subsequent lawsuits and potential fines.
For some time, the health care industry has been considered a very lucrative arena for fraudulent activity, and in recent years the amount of cyber activity in this area, has increased exponentially. With the rapid advance in technology, there are simply more mediums through which cybercriminals can exploit weaknesses. And, being that the weakest link is the user, these new technological devices will be directly associated with the weakest link.
As the trend of driving sensitive data further and further outside of the protective environment of organizations continues to increase through the use of mobile devices, cloud computing and mobile identity mechanisms, the need to push the security mechanism being used closer to the data, itself, continues to increase.
Michael Rogers is the Operations Director of USInsuranceAgents.com. With over 5 years of experience and knowledge in the insurance industry, Michael contributes his level of expertise as a leader and an agent to educate and secure coverage for thousands of clients