Privacy & Security

Debunking the cybersecurity thought that humans are the weakest link

Experts at the HIMSS Healthcare Security Forum said the next phase of infosec should be to secure the human and put safety nets in place to protect them.
By Tom Sullivan
October 15, 2018
01:54 PM

BOSTON – The time has come to move beyond the security mantra "don't click on email links or open attachments and we'll all be safer."

"We've been saying that for 15 years and the strategy doesn't work," said Theresa Payton, CEO of Fortalice Solutions and former White House CIO said here on Monday at the HIMSS Healthcare Security Forum.

Instead, Payton said that she is still seeing business email compromises on the rise in healthcare.

"From a social engineering standpoint, it has never been easier to trick employees," Payton added. "Business email compromise is one of the largest unreported crimes after ransomware."

What's more, there's a 25 percent probability that any given healthcare organization will be hacked in the next 2.5 years, said Salwa Rafee, worldwide security leader for healthcare and life sciences at IBM.

And there will always be human error, such as recycled passwords or someone clicking on a malicious link, and the technology will fail as well.

"Humans are not the weakest link," said Payton. "Technology is open to be hacked and data can never be 100 percent secure. We have to design for the human."

That applies to all employees, administration, clinicians – and even patients, according to Chad Wilson, chief of security and IT director at Children's National Health System.

Hospitals will also have to protect patients and their data outside the EHR, beyond their four walls and into consumers homes and daily lives, added Anahi Santiago, CISO of Christiana Care Health System.  

"Information security is a patient safety issue," Santiago said.

With that in mind, Payton recommended network segmentation and two-factor authentication, as a minimum type of safety net, to isolate attacks so when they do happen, hospitals can stop them from spreading to other departments, devices, facilities or software systems.

"Segment, segment, segment," said Sonia Arista, national healthcare practice director at Fortinet.

Though segmentation is not a guarantee, it can minimize damage and maximize resilience, Payton said.

"We've been so focused on data and network and hardware that we've kind of forgotten about the human cyber and social footprint," she explained. "The next thing is putting a safety net around the user."

Focus on Cybersecurity

In October, we take a deep dive into security strategy and pressing threats.

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com

Topics: 
Privacy & Security

More regional news

Doctor charting in EHR

Telehealth, hybrid care adding to physicians' EHR workload

By
Nathan Eddy
May 02, 2024
UHG CEO Andrew Witty

UHG says it's rebuilding Change Healthcare with cloud-based security

By
Andrea Fox
May 02, 2024
Walmart store

Walmart announces closing of clinics and virtual care

By
Susan Morse
May 01, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

UHG CEO Andrew Witty
UHG says it's rebuilding Change Healthcare with cloud-based security

Most Read

WebMD acquires Healthwise to bolster patient engagement and growth
How the Change Healthcare cyberattack is straining providers, and what the government can do
HHS response to cash flow concerns from Change cyberattack inadequate, providers say
After Change Healthcare, more effort needed to avoid cyberattack chain reactions
HIMSSCast: Web apps are ubiquitous in healthcare – and come with vulnerabilities
Change Healthcare begins to restore service after cyberattack – as lawsuits begin

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Privacy & Security
Artificial Intelligence
Analytics

Video

Abigail Norville at the Netherlands Ministry of Health_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How the Dutch health ministry takes innovation inspiration from other nations
Dr. Guido Giunti at Trinity College Dublin_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Novel digital therapeutics for MS empower patients
Kendall Brown at CenTrak_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How HIMSS membership can grow healthcare careers
Ellen Arigorat at NewYork-Presbyterian Hospital Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
HIMSS Changemaker champions Filipino-American health literacy

More Stories

Gustavo Adolfo Torres Becerra at Minsait__Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Healthcare organizations need interoperability to give residents preventative care
Digital render of a DNA helix
Pharmacogenomics could improve medication safety and reduce waste
Alfredo Almerares, clinical executive manager at InterSystems
How the “human factor” drives successful healthcare technology adoption
Health professional at desktop computer
How AI-powered systems can help physician groups improve coding – and earn more
Nurse huddle with tablet
Nurses have a deep distrust of AI – but transparency and training could help
Dr. Jonah Feldman at NYU Langone Health System_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Want to reduce readmissions? Personalize digital discharge guides
Gabriel Garcia-Lopez at the Los Angeles LGBT Center Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
From HIMSS conference attendee to 2024 HIMSS Changemaker
Kaiser building
Kaiser reports 13.4 million people affected by data breach