Don Kelly, information security officer at Indian River Medical Center in Vero Beach, Fla., discusses the importance of awareness and communication when dealing with hospital data protection.
Question: What do you consider to be the most important aspect in hospital data protection?
Don Kelly: In my opinion awareness is most important. While technology can solve many of the problems we face there are always holes that our users always manage to find. Staying available to speak to departments and their users is critically important as data protection doesn’t need to feel like Big Brother. Once they realize we share common goals I have found most users are more than willing to communicate with us before issues arise.
Q: How do you train clinicians and front-line staff to protect patient data and avoid cyberattacks?
DK: At IRMC we conduct face-to-face training with all new employees including clinicians at new hire orientation. I personally spend about 45 minutes making employees aware of information security and how they should change their behavior to protect our sensitive information. I give a general overview of threats that affect IRMC, then focus on several specific topics such as password creation, phishing detection, USB handling and locking of screens. We also distribute security alerts at least quarterly and on an as-needed basis.
Q: What do you see as the next big cybersecurity threat hospitals should look out for and why?
DK: I think it is and always will be disinterested or ignorant employees unaware of what proper cyber hygiene looks like. When I take the time to explain simple things like why and how encrypted email is necessary I usually see the lightbulb go on. Ransomware and malicious hackers will always be a threat, but the vast majority of our issues originate from employees either acting hasty or with disregard for policy.
To learn more about hospital and health system cybersecurity, as well as the key trends for CISOs, register for the Becker's Hospital Review 4th Annual Health IT + Revenue Cycle Conference Sept. 19-22, 2018 in Chicago. Click here to learn more and register.