How healthcare providers mitigate cybersecurity threats has changed greatly over the years, but one thing that has stayed the same is the importance of user education, according to Rush University Medical Center Vice President of IT Operations and Associate CIO Jaime Parent.
Educating employees and ensuring they are aware of a health system's plan when it comes to cybersecurity is vital to success, he says in a recent interview with HealthITSecurity.com. Rush has an awareness campaign called ICARE/IProtect, which Parent says helps to ensure everyone at the organization stays vigilant.
The workforce must be aware and know what to do in the event of a hack, especially because employees are the leading sources of incidents, law professor Daniel Solove said at the 23rd National HIPAA Summit in March. "It really just takes one person to make a big mess of things," he said.
The healthcare industry has seen many attacks on security already this year--with the two biggest breaches impacting health insurance companies Anthem and Premera.
Parent says that incidents like those are learning experiences for any provider.
"After these events, the question I get asked most often is--could this thing happen to us?" he says. "And the short answer is that there really is no 100 percent ironclad way to keep all threats out."
The best start to protecting patients is doing things as basic as installing the most recent anti-virus updates and patch management, he says.
Not everyone is always thinking about security, and the "bad guys are winning right now," he adds.
"The genie is out of the bottle and it's going to stay out of the bottle for a long time," Parent says. "Healthcare will continue to be a target."
To learn more:
- read the article