Continuing workforce security education will be one of the most important tasks for 2016, St. Claire Regional Medical Center's Randy McCleese tells HealthITSecurity in a recent interview.
"There needs to be continuous education of our employees, staff, or whoever is working with us, whether they're actually on the payroll or not," says McCleese, who is vice president of information security and chief information officer at St. Claire. McCleese also serves as Board Chair of the CHIME Foundation. He says understanding budget constraints and data-sharing limitations will be other challenges for 2016.
Vulnerable medical devices pose a particular security challenge. Smaller organizations might keep devices for 10 or 15 years, so some date from a time when security wasn't on the radar for vendors or healthcare organizations to the extent it is today.
Kentucky-based St. Claire puts networked devices on a separate, virtual network in an attempt to keep them from infecting the "bigger" network, according to McCleese.
Employee education also is essential for BYOD security, McCleese said. St. Claire supports a limited number of device types on its network.
It's up to organizations to create a culture of cybersecurity, and that means making sure each employee knows his or her role in safeguarding patient information, Michael Kaiser, executive director of the National Cyber Security Alliance, recently said.
EHRs make employee snooping on celebrities and others easier than ever, but audit trails mean it's also easier to be found out and punished for doing so.