HIMSS 2017: Social media posts trigger cyber concerns

facebook laptop
Social media posts containing employee information can be used by hackers to access medical records.

ORLANDO, Fla.—For hospitals, a seemingly innocent Facebook or Instagram post from a clinician can quickly turn into a cybersecurity vulnerability.

The age of social media has left hospitals and health systems in the complicated position of attempting to ensure pictures posted online don’t inadvertently expose patient information or give hackers just enough information about a physician to gain access to login credentials, Don Lindsey, vice president and CIO of Tallahassee Memorial Healthcare, told FierceHealthcare at the HIMSS 2017 conference in Orlando, Florida. 

“With the younger generation coming out and joining healthcare, keeping things private is always a challenge,” he said, adding that one new doctor even posted a picture of a patient.

The most common anecdote, Lindsey said, is the overexcited resident-turned-physician who pridefully posts a picture of his or her badge online. Hackers can use that badge information, combined with social engineering, to impersonate that clinician and gain access to the hospital’s medical record system.

Lindsey said Tallahassee Memorial is looking to partner with some local colleges and universities to provide education to incoming doctors and nurses, along with real-world examples of social media posts that could expose the hospital to a breach. Meanwhile, the hospital’s in-house training serves as the primary barrier to ensuring clinicians aren’t posting their information online.

Often, Lindsey said, word-of-mouth is the only way the security finds out about a post, so the hospital relies on training and awareness within its staff. 

“The human factor is the hardest part,” he said. “You’re only good as good as your security awareness training program.”