Healthcare breaches continue to be featured in the news. Hospitals continue to be ideal targets for hacking and other cybersecurity threats. This is evidenced by the increasing number of cyber attacks, including sophisticated ransomware attacks on hospitals. Many hospitals are beefing up their technologies and infrastructure to address the threat of cyber attacks. But they are neglecting a major weak link in data security: the clinicians.
Getting the clinicians on board
Although doctors generally understand the importance of cybersecurity, they are usually reluctant to take the extra precautions needed to secure patient data against cyber threats. This reluctance is probably partly because they believe that such efforts may interfere with patient care. In life-or-death situations, where every second can count, a difficult authentication process standing between doctors and patient records may cost lives.
Without physician engagement, however, efforts to prevent hacking and other cybersecurity threats cannot succeed. To prevent patient data, including social security numbers, address info, and insurance and Medicaid data, from getting into the hands of the bad guys, hospital cybersecurity experts need to engage with the hospital staff.
Designing convenient security systems
The issues clinicians have with data security protocol compliance are compounded by the need to make decisions fast to save lives. Doctors usually need quick access to information to make life-and-death decisions. Requiring doctors to go through a number of authentication layers can slow down treatment. Hospital staff will sometimes try to bypass these tough security measures, leaving patient data at risk of being compromised. It is therefore important to make data security systems as convenient as possible for the clinicians. Some hospitals are attempting to increase convenience by providing mobile devices and replacing traditional patient identification systems with biometric systems.
Communicating with clinicians
One reason there are conflicts between cybersecurity experts and clinicians is communication breakdown. Doctors may not understand why certain security measures have to be taken. This is especially the case when there is a new security issue or immediately after a data breach. Cybersecurity experts can get good results by selling the security measures as a patient safety intervention as opposed to explaining them away as administrative issues. IT experts can share data that shows the impact of cybersecurity threats on patient outcomes. For example, a study by Cornell University academics found that data breaches increase a hospital’s 30-day mortality rate. Cybersecurity experts can use data from such studies to appeal to the clinicians' life-saving instincts and to show them the need to be data security-conscious.
Efforts by the healthcare community to reduce the tide of cybersecurity attacks against hospitals have largely been unsuccessful. Experts believe that this failure is partly due to sidelining clinicians when designing hospital security systems. When cybersecurity experts increase the convenience of the security systems and properly explain how such systems can impact patient outcomes, they are more likely to succeed in getting hospital staff to do their part in protecting patient data.