Healthcare News & Insights

How to promote accessibility in healthcare cybersecurity

The more accessible healthcare information is, the more value it provides to patients and providers alike. But much of this information is sensitive, privileged or regulated, making it highly vulnerable when traveling in and out of networks. In this guest post, David Wagner, president and CEO of an email security company, details how to promote accessibility in healthcare cybersecurity.


The healthcare industry suffers a cybersecurity conundrum: While effective healthcare administration depends on the efficient exchange of this information with trusted vendors and other third parties, employees are often a source of security vulnerability.

In fact, 63% of IT professionals in industries including healthcare are worried about the accidental mishandling of information, closely followed by the 61% worried about intentional mishandling. Given that almost half of all healthcare breaches in the first half of 2017 were caused by insiders, that concern is justified.

Problem of accessibility in cybersecurity

While the difficulties healthcare organizations face in the cybersecurity realm aren’t necessarily unique to that industry, those enterprises are pulled in two very different directions that make their cybersecurity efforts more difficult: patient care and patient protection.

The most important aspect of people’s lives is their own health and the health of their loved ones. That’s why the core mission of hospitals, doctors and treatment centers across the country is preserving patient health and foregrounding care. It makes sense that IT may be a lower priority for senior leaders. Where budget constraints are a constant concern, those leaders often focus on treatment technologies rather than IT. That’s certainly understandable, but it doesn’t mitigate the vulnerability such a focus induces.

Yet healthcare organizations do understand the need for more comprehensive cybersecurity. In response, many have implemented protections to address some of the lingering concerns and prevent data breach fallout, such as huge fines, long-term penalties and damaged public trust through the U.S. Department of Health and Human Services’ “Wall of Shame.” If users aren’t committed to using those protections consistently, though, they undermine even the best efforts of an organization.

Healthcare employees are already bombarded with policies and procedures. Wanting productivity to go up and frustration to go down, they can be tempted to work around cybersecurity tools that utilize awkward interfaces or that require extra steps and more time to complete routine tasks. As a result, they turn to insecure channels, such as private email accounts or unauthorized cloud storage.

Regardless of whether these workarounds are frequent or pervasive across an organization, every instance creates a major attack and compliance risk that the healthcare industry can’t afford to take.

Selecting cybersecurity tools with the user in mind

IT leaders and teams have a lot to consider when choosing cybersecurity tools, but accessibility and ease of use must be primary considerations. Even if you don’t expect users to circumvent protections, or don’t believe that such circumvention is possible, relying on that unfounded assurance is a quick way to put your organization at greater risk.

Here are a few technical strategies that IT leaders and teams can use to prioritize accessibility:

  • Retire legacy IT: The whole concept of the “user experience” in cybersecurity is a fairly recent one. Older IT systems often require mazes of inputs and commands, all made worse by the fact that legacy systems don’t receive the updates and support required for today’s ever-evolving cyberattack landscape. Now, newer tools for cybersecurity are built with the needs of both back-end administrators and front-end users in mind. IT leaders and teams who upgrade their systems can help increase compliance from employees.
  • Rely on cloud providers: Because cloud companies compete to serve large numbers of users with greater ease, vendors work hard to optimize accessibility. In general, cloud-based tools are designed to be as intuitive and unobtrusive as possible so implementation is easy. Certainly, not all vendors are equal, but most of them will offer a better user experience than an on-premises solution.
  • Protect with automation: Anytime a cybersecurity tool requires users to choose where and how protection is applied, you leave your organization open to mistakes and risks. By using automatic policies and focusing security efforts on highly vulnerable business tools like the email inbox, you can mitigate the greatest amount of risk and decrease the chance for user mistakes or workarounds.

Accessibility and technical tools to enhance it are important, but employee buy-in must stay in focus as well. Users should be eager – not just able – to protect data to the fullest extent. When employees understand how catastrophic a breach would be both personally and organizationally, they become more committed to following policies and procedures to the letter. A combination of education, training and testing with easy-to-use next-generation tools will help ensure cybersecurity processes are seamless and applied throughout an information ecosystem, making accessibility standardized, simplified and streamlined.

David Wagner serves as the president and CEO of Zix, a leader in email security, and has more than 25 years of experience in the IT security industry.
