Updated March 30, 2022
Cyber security is a billion-dollar threat to healthcare organizations. Whether due to hacking or negligence, a security breach is an IT Manager’s worst nightmare.
The cost of data breaches to US healthcare organizations was $11.8 billion in 2019. And the risk is rising. In February 2022 alone, the records of nearly 1.7 million patients were affected in a series of cyber-attacks.
The risk has been exacerbated during the COVID-19 outbreak. The number of cyber attacks has increased as cyber criminals attempt to take advantage of the situation to steal COVID-19 data or to spread dangerous malware. It’s a situation which has prompted UK and US governments to issue a joint warning.
How safe is your organization really? Staff are your greatest defense – and your biggest risk. For IT and information security teams, it’s critical that staff adhere to best practice. Correct behavior must become second nature. This is your 7-step plan to achieving better healthcare cyber security.
(Source: Modern Healthcare)
Work with colleagues across the business to form a cyber security leadership team. Enlist staff from HR and Internal Communications to help craft employee messages and spread the word. Solicit backing from senior executives to imbue the initiative with greater authority.
Collaboration delivers stronger results, faster. Every team member contributes unique strengths, and each helps distribute cyber security messages throughout the business.
This is the integral first step in avoiding becoming another casualty of a hospital cyber-attack.
Cyber security planning is as important as any other disaster preparedness plans, according to the Healthcare Information and Management Systems Society (HIMSS) 2022 conference.
Use a campaign approach for your employee communications. Plan the optimal audiences, messages, timing and channels. Consider these questions: do different groups of staff need to receive different content? When is the best time to send messages (for example, at the beginning of shifts)? What communication channels work best for different staff?
Effective communicating comes from making messages memorable. Take a lead from Marketing – create a strong visual brand for your cyber security messages. Use a consistent color theme, icon or logo across all cyber security communication. This helps build instant recognition of what the message is about and strengthens awareness among employees.
(Source: Adobe/Fortune magazine)
Things move fast in today’s digital workplaces. Training is essential to keep both technical and clerical staff up to date with the latest threats and best practices. Despite this, a recent poll found that 1 in 4 healthcare employees have never received cyber security training from their employer.
Maximize your training effectiveness for time-poor staff – encourage attendance and reinforce learnings. Send an RSVP alert to all staff to encourage them to attend, and to capture their preferences for venue, timing etc.
Consider calling in the experts. Arrange a local cyber security specialist to visit your workplace and deliver a presentation to staff. This can provide valuable independent support and demonstrate the organization’s commitment.
Don’t make it hard for staff to find your policies and resources on cyber security. Set up and promote a central intranet repository where all assets can be read and downloaded. Make material available across multiple sites or locations, so that staff at each can easily access what they need.
Demonstrate to patients how serious you take their data privacy. Publicize how privacy is embedded into the organization by referencing it in displays on reception desks, posters in waiting rooms etc.
Hospital cyber security communication can’t be a ‘one and done’ job. Staff need to be continually reminded, however good your training is.
Worryingly, more than half of all cyber security breaches are caused by human error. Lapses of concentration, failing to follow process or accessing dangerous files can be costly. Passive reminders or tips are especially important for ward-based staff. They’re understandably busy with patients, not busy thinking about cyber security.
Create a series of corporate wallpaper messages with helpful tips (such as guidance on creating a strong password). Or introduce a notification for the start of shifts highlighting known current threats, like phishing attacks.
Involve staff more actively by asking for their suggestions and feedback. They may have ideas for improvements or can identify areas of concern related to new technology. Tapping into their knowledge from ‘on the ground’ can be hugely valuable.
Circulate staff surveys to give everyone their say on the subject. As well as providing a rich source of information, this also allows IT Managers to identify those teams most at risk, and which have specific training or system needs.
Make sure to celebrate success with all employees. It’s more than just confirmation of compliance – it’s valuable positive reinforcement of everybody’s efforts at protecting cyber security.
Produce a monthly update of achievements to acknowledge and encourage good behavior. This could include the number of attacks foiled or phishing simulation tests passed.
Share these messages on digital signage screens, email newsletters or anywhere else staff will see it.
Want to see how these message templates could help your healthcare organization?
Try them for yourself with a free 30-day trial of SnapComms.
Prevention is the best protection for cyber security. Following this 7-step plan will help you keep your organization safe, improve cyber security awareness, and avoid crippling breaches and data loss.