Page 93 - Cyber Defense eMagazine June 2020 Edition

Steps to be taken to ensure the security of data

The increasing number of data breaches in healthcare over the years should raise the alarm for healthcare organizations to take strong measures and ensure that they are ready to deal with these threats. They need to change their approach from reactive to proactive. Some of the actions they may take are as follows:


a) Raising awareness of vulnerabilities and threats among users

Users are the ones posing a major threat to any information system. In the case of healthcare information systems, users include patients, hospital staff, doctors, nurses, therapists, etc., who use the systems to store, retrieve or analyse care data. Any human error or carelessness in using a system may lead to a data breach. Thus, healthcare organizations should ensure that they provide training to employees on the usage of HIS as well as the risks associated with them. Users should have a clear understanding of what kind of data they are dealing with, how sensitive the data is, and what steps they should take to ensure that none of their actions causes a breach. It may be as simple as ensuring that they log off from the system after using it, don't share their login credentials even with peers, and keep their laptop safe. Security awareness should not be a one-time activity; users should be reminded again and again over a period for better results.


b) IT Compliance

Organizations that follow security compliance are always at lower risk and better prepared to deal with security threats. NIST, HITRUST, Critical Security Controls, ISO and COBIT are a few examples of the IT security frameworks followed by organizations all over the world. In a 2018 HIMSS Cybersecurity Survey, NIST was identified as the most popular framework, adopted by 57.9 percent of the healthcare organizations. The guidelines for security standards differ from country to country; for example, ISO 27001 is applicable internationally while HIPAA is applicable in the United States.

Compliance with a security standard ensures that proper measures have been taken by the organization to safeguard the data. In addition, they also have well-defined procedures for risk management and business continuity in the organisation.


c) Using Artificial intelligence-based security solutions

The latest trend in IT security is the use of artificial intelligence-based security solutions. The benefit of using AI-based solutions is that they have the capability of identifying any unusual activity or behaviour in the






            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.