Free download – Crisis Tipsheet: Best Staff Practices for IT Security
Predictably, thieves worldwide are attempting to exploit the coronavirus pandemic to hack into healthcare databases. These cyber criminals, in pursuit of fraud and theft, create further disruption for an already overtaxed healthcare system.
In a recent article, Harvard Business Review anticipated that this would happen:
‘’While the world is focused on the systemic threat posed by Covid-19, cybercriminals around the world undoubtedly are poised to capitalize on the crisis by launching a different kind of ‘virus’.”
Now, media organizations such as Wired Magazine are reporting extensively on actual hacking incidents during the coronavirus. Meanwhile, The National Law Review points out that telecommuting creates its own unique opportunities for IT intrusions.
For healthcare leaders, the challenge amounts to effective crisis communication. Employees at all levels of healthcare need to recognize the tactics of hackers in order to be vigilant. Staff needs to know what to look for, such as emails received from unknown senders in the guise of a coronavirus alert. Warning signs of potential security breaches should be taught to staff, but what also needs to be communicated is what to do next. Staff needs to know who to contact in the event of a known or suspected security incident.
An organization could have the most rock-solid IT system possible, but if a single staff member unlocks the door to that system, it’s all for naught. All a staff member has to do is open a suspicious email or click a link into a spam website and all that brilliant IT architecture will not matter.
Right now, planning is the best defense for preventing IT intrusions with potential to further hamper organizations already under severe pressure. To start, revisit basic security measures under the Health Insurance Portability and Accountability Act (HIPAA). While HIPAA is law, it also provides a sensible framework for base-level security practices across an organization.
The underlying call of HIPAA security regulations is to create a culture of vigilance, so that staff members are prepared to be front-line enforcers. This means people on the front lines know when to be suspicious and know what to look for. In military parlance, it is called situational awareness. In daily practice within healthcare, it means workers at their computer stations can sniff out an IT attack. And when they do, they know to stop working and quickly notify a supervisor or a technical expert, thereby successfully preventing any malicious security intrusions.
In a landmark study in December 2018, industry experts likened small precautions to hand sanitizer — in that small safety measures each day can prevent big problems. At this time of pandemic, these routine safety habits are critical to keep IT systems working properly so full focus can be where it should be: on patient care.
Diane Evans is Publisher of MyHIPAA Guide, a HIPAA consultancy and subscription service, and she can be reached at [email protected].
Click here for a complimentary download titled Crisis Tipsheet: Staff Best Practices for IT Security.