Page 93 - Cyber Defense eMagazine June 2020 Edition
Steps to be taken to ensure the security of data
The increasing number of data breaches in healthcare over the years should raise the alarm for
healthcare organizations to take strong measures and ensure that they are ready to deal with
these threats. They need to change their approach from reactive to proactive.
Some of the actions they may take are as follows:
a) Raising awareness of vulnerabilities and threats among users
Users are the ones posing a major threat to any information system. In the case of healthcare information
systems (HIS), users include patients, hospital staff, doctors, nurses, therapists, etc., who use the systems to store,
retrieve or analyse care data. Any human error or carelessness in using a system may lead to a data
breach. Thus, healthcare organizations should ensure that they train employees on
the usage of HIS as well as on the risks associated with it. Users should have a clear
understanding of what kind of data they are dealing with, how sensitive the data is, and what steps
they should take to ensure that none of their actions causes a breach. It may be as simple as
ensuring that they log off from the system after using it, don't share their login credentials even with peers,
and keep their laptops safe. Security awareness should not be a one-time activity; users
should be reminded again and again over a period of time for better results.
b) IT Compliance
Organizations that follow security compliance are always at lower risk and better prepared to deal with
security threats. NIST, HITRUST, Critical Security Controls, ISO and COBIT are a few examples of the IT
security frameworks followed by organizations all over the world. In a 2018 HIMSS Cybersecurity Survey,
NIST was identified as the most popular framework, adopted by 57.9 percent of healthcare
organizations. The guidelines for security standards differ from country to country; for example, ISO 27001
is applicable internationally while HIPAA is applicable in the United States.
The benefit of compliance with a security standard is that it ensures proper measures have been taken by the
organization to safeguard the data. In addition, compliant organizations also have well-defined procedures for risk
management and business continuity.
c) Using Artificial intelligence-based security solutions
The latest trend in IT security is the use of artificial intelligence-based security solutions. The benefit of using
AI-based solutions is that they have the capability of identifying any unusual activity or behaviour in the
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.