An effective cybersecurity policy starts with a well-trained hospital staff

February 16, 2018
Health IT
Seana-Lee Hamilton
From the January/February issue of HealthCare Business News magazine
HealthCare Business News recently spoke to Seana-Lee Hamilton, manager of information privacy and privacy officer at Fraser Health Authority, regarding cybersecurity and the need to maintain patient privacy and protect health care information.

HCB News: What are the major cybersecurity threats that health care organizations face right now?

Seana-Lee Hamilton: The most significant threat to cybersecurity and patient privacy is literacy of users, making sure they understand the need for safeguarding patient data and protecting the hospital’s network. BYOD and staff properly using the hospital’s network are among the greatest issues facing cybersecurity professionals in hospitals today. Whether it’s employees accessing their Facebook page or checking their personal web mail, or plugging in their own USB memory stick, they’re introducing network threats and making the hospital, its staff and their patients significantly more vulnerable to the ugliness of a cyber event. BYOD initiatives need to be rolled out utilizing best practices in technology, user terms of use and corporate policy. Hospital policies have allowed these sorts of things, and now we need to review policies and probably create new ones that will both allow people some privileges when they're working, but seal, contain or entirely close off vulnerabilities that come with a BYOD environment.

From another literacy-level view, one of the biggest areas we can't control is phishing, and this is how many ransomware attacks and other items are originating. Employees must understand how phishing works and how their actions affect the network. A basic understanding starts with emphasizing that the service desk will never ask you for your user ID and password.

Health care is different and more vulnerable to cyber events because of the advanced technical tools utilized, including diagnostic and imaging tools, as well as biomedical equipment. For instance, our medical imaging equipment, our CT scanners and our MRI machines are all very advanced, technical units, and the technology involved affords a vulnerability, and thereby, must be strategically checked.

Health care organizations must have policies and assessments in place for patches and security upgrades for clinical information systems and EHRs. Security and privacy professionals must look at these systems and ensure all necessary security upgrades are complete.

These systems also introduce the insider threat to protecting patient data. Hospitals must know who is accessing patient data and why. Auditing patient data access is the only way to truly understand how patient data is being accessed, providing an opportunity to better protect that data. To get a true look at this data, technology must be implemented. We use Security Audit Manager from Iatric Systems to show us a clear picture of how patient data is being accessed, so we can properly address any issues.
