In part 1 of a two-part series discussing current trends in healthcare, I addressed how a lack of diversity can create an unconscious bias when it comes to how patients receive care.

The other big challenge facing the healthcare industry was hospital security in the face of catastrophic events, i.e. emergency preparedness against physical and cyber attacks.

While a data breach or unconscious bias in a retail or utility setting may have less of a physical impact, a data breach in healthcare can be as significant as preventing you from getting care when you need it most.

Here are some examples of what other industries are doing to mitigate security issues and how hospitals and other healthcare organizations can apply them to the healthcare industry.

Defending Against Attacks – Why breaches can be indirectly lethal

While diversity and inclusion are growing initiatives for companies, cybersecurity is still treated as a reactive measure by many – like buying a security system or car alarm after a break-in.

The prevalence of cyber-attacks is increasing as evolving technology continues to change the way we access our work. 

New technology provides new opportunities for how work gets done, but it also exposes new avenues for those wishing to wreak havoc and cause harm.

James Carder, Chief Information Security Officer (CISO) at Boulder-based LogRhythm and recent recipient of CISO of the Year at the Colorado Technology Association’s Apex Awards, says organizations are failing at timely detection of threats:

“Less than half of all surveyed organizations are able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour.

Timely detection of and response to cyberthreats have been and remain major challenges for all organizations. It takes time to understand the full scope of an incident and determine how best to neutralize it. Being able to respond and contain a major incident within an hour is a difficult task but is one that is necessary if you want to prevent a significant breach and associated brand damage in today’s day and age.”

No other industry has bigger obligations to prioritize personal data security than healthcare based on the simple fact that human lives depend on the right information to be readily available in the moments that count. 

When minutes and seconds matter – any delay can have a potentially lethal impact. 

Healthcare data breaches lead to a reduction in the quality of care provided to patients, according to a study recently published in Health Services Research.

“A ransomware attack that prevents clinicians from accessing patient data will limit their ability to provide essential medical services to patients, so a delay in conducting tests and obtaining the results is to be expected. However, the delays were found to continue for months and years after a cyberattack was experienced…. Hospitals that experienced a data breach also saw an increase in the 30‐day acute myocardial infarction mortality rate. The mortality rate at breached hospitals increased by as much as 0.36%.”

Now, researchers also suggest that it’s not data breaches themselves that have an impact but rather the hospital’s subsequent scramble to recover after an attack:

“Delays in providing medical services following a cyberattack are due to the steps hospitals have taken to improve the security of their systems and better protect patient data, along with the increased Health & Human Services (HHS) oversight that occurs after a data breach is experienced.”

Pre-emptive measures to protect data should couple technology with training and change management programs that educate your employees to recognize and mitigate these ever-evolving risks.

How a Utilities Company Mitigates Attacks Through Behavior Change & New Technology

Propeller recently engaged with a major utility company for guidance on how to best prepare their organization to face the increasing risks associated with both cyber and physical attacks from nation-states and other criminal actors. 

The project focused on reducing the cyber, physical, and human attack surface by combining technology improvements with a large change management program to help employees step into more secure behaviors. Ultimately, the client achieved a 20% reduction year over year in phishing campaigns by:

  • Increasing reported secure behaviors
  • Empowering employees to drive the discussion to help their company be more secure

Closing Security Gaps at a Pacific Northwest Hospital

While cyberattacks are more common, the less-likely physical attacks, like an active shooter or bomb threat, pose a significantly more dangerous direct threat. Propeller worked with a west coast-based hospital system to address physical attack mitigation, security, and communication gaps following an active shooter threat. 

To develop an emergency alert and notification process for catastrophic events, Propeller worked in partnership with myriad stakeholder groups, including IT, hospital administration, providers, security teams, telecommunications, and outside technology vendors. The program established processes and protocols for alerts that inform the many teams and individuals throughout the hospital facility, both on-site and dispersed, of an incident, and it was implemented across all existing communication networks and systems, including mobile devices.

Getting started

Whether it’s setting up a diversity initiative in your company or implementing new security processes and change initiatives across your organization, here are some key tips to get your project started. Need more hands-on help or advice? Get in touch to let us know what you’re working on in your organization and how we can help.