Why a Florida-based information security officer sees communication as a key to data protection

Written by Jackie Drees | August 21, 2018 | Print[1] | Email[2]

Don Kelly, information security officer at Indian River Medical Center in Vero Beach, Fla., discusses the importance of awareness and communication when dealing with hospital data protection. Question: What do you consider to be the most important aspect in hospital data protection? Don Kelly: In my opinion awareness is most important.

While technology can solve many of the problems we face there are always holes that our users always manage to find. Staying available to speak to departments and their users is critically important as data protection doesn’t need to feel like Big Brother. Once they realize we share common goals I have found most users are more than willing to communicate with us before issues arise.

Q: How do you train clinicians and front-line staff to protect patient data and avoid cyberattacks? DK: At IRMC we conduct face-to-face training with all new employees including clinicians at new hire orientation. I personally spend about 45 minutes making employees aware of information security and how they should change their behavior to protect our sensitive information.

I give a general overview of threats that affect IRMC, then focus on several specific topics such as password creation, phishing detection, USB handling and locking of screens. We also distribute security alerts at least quarterly and on an as-needed basis. Q: What do you see as the next big cybersecurity threat hospitals should look out for and why?

DK: I think it is and always will be disinterested or ignorant employees unaware of what proper cyber hygiene looks like. When I take the time to explain simple things like why and how encrypted email is necessary I usually see the lightbulb go on. Ransomware and malicious hackers will always be a threat, but the vast majority of our issues originate from employees either acting hasty or with disregard for policy.

To learn more about hospital and health system cybersecurity, as well as the key trends for CISOs, register for the Becker’s Hospital Review 4th Annual Health IT + Revenue Cycle Conference Sept.

19-22, 2018 in Chicago. Click here[3] to learn more and register. More articles on health IT:
Email breach at Portland health system risks 38K patients’ data
sk© Security SAVER SALE holes in Maryland’s Medicaid system put patient data at risk, OIG finds
Cedars-Sinai CISO Chris Joerg on the inevitability of cyberattacks & what to do in the aftermath[4][5][6]

(C) Copyright ASC COMMUNICATIONS 2018.

Interested in LINKING to or REPRINTING this content?

View our policies by clicking here[7].

To receive the latest hospital and health system business and legal news and analysis from Becker’s Hospital Review, sign-up for the free Becker’s Hospital Review E-weekly by clicking here[8].

References

  1. ^ Print article (www.beckershospitalreview.com)
  2. ^ Email (www.beckershospitalreview.com)
  3. ^ here (www.beckershospitalreview.com)
  4. ^ Email breach at Portland health system risks 38K patients’ data (www.beckershospitalreview.com)
  5. ^ sk© Security SAVER SALE holes in Maryland’s Medicaid system put patient data at risk, OIG finds (www.beckershospitalreview.com)
  6. ^ Cedars-Sinai CISO Chris Joerg on the inevitability of cyberattacks & what to do in the aftermath (www.beckershospitalreview.com)
  7. ^ clicking here (www.beckershospitalreview.com)
  8. ^ clicking here (www.beckershospitalreview.com)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *