Healthcare organizations collect and store a large amount of patients’ personal data, including health insurance information, birth dates, and Social Security numbers. In a data breach, unauthorized individuals may gain access to all of this information, compromising patients’ privacy. For example, in a cybersecurity incident that occurred in 2018, the personal information of 45,000 patients at the Rush Health System was disclosed due to improper actions of billing processing vendors (Schencker, 2019). Security breaches lead to large fines: the average cost per record is $380, while the total amount of fines may reach up to $5.5 million (Conaty-Buck, 2017). Data breaches in healthcare facilities greatly impact patients, who may lose confidence in the healthcare system.
Cybersecurity hygiene refers to the activities performed by employees and system administrators that help protect the organization against a cyberattack. Bad security hygiene is a major risk to an organization’s networks. It covers various practices that compromise the security of organizational data, such as using work devices for personal purposes, having weak passwords, and not doing regular backups. Healthcare organizations should establish a culture that creates awareness of the risk and introduces precautionary measures. These measures include educating the staff about cybersecurity and its impacts. I would develop a culture of security awareness by conducting regular training programs for employees because evidence shows that one-time education interventions are ineffective in changing employees’ behaviors (Ghazvini & Shukur, 2017). I would also ensure that the content of the programs is relevant to employees’ job duties so that they can contribute to improving cybersecurity.
My personal action plan to ensure technology security would include several actions that can be characterized as good cybersecurity hygiene. First, I would ensure that the technology I use is up to date and uses high-quality data encryption protocols for transmitting organizational data. Second, I would create strong passwords for any systems I use for work, and I would have different passwords for various systems. I would also not use devices provided by the employer for my personal use. This is important, for example, to avoid becoming a victim of a phishing attack and compromising the security of the organizational data. Finally, I would report any suspicious incidents or concerns to the IT department.
References
Conaty-Buck, S. (2017). Cybersecurity and healthcare records. American Nurse Today, 12(9), 62-64.
Ghazvini, A., & Shukur, Z. (2017). Review of information security guidelines for awareness training program in healthcare industry. In 2017 6th international conference on electrical engineering and informatics (ICEEI) (pp. 1-6). IEEE.
Schencker, L. (2019). Hackers target health data: 82% of hospital tech experts reported ‘significant security incident’ in last year. Chicago Tribune.