Contributed by Eddie Myers, Crothall Healthcare Program Manager for Cybersecurity Solutions
As healthcare providers and the technologies they use are becoming more connected to the web, it's crucial for facilities to take preventive measures to avoid cybersecurity threats. Without cybersecurity measures in place, your facility and patients are vulnerable to the attacks of hackers. One way to build a better cyber defense is to train your staff to follow the best practices in cybersecurity. Learn which members of your staff need the most cybersecurity training and how to effectively train them to protect the security of your facility and your patients.
Which Staff Members Need the Most Cybersecurity Training?
Many actions that could create a cybersecurity threat don't feel threatening on the surface, which is precisely why hospital leaders should train every staff member. According to Eddie Myers, Program Manager Cybersecurity Solutions, healthcare staff can unknowingly cause many cybersecurity threats. If your staff isn't fully aware of security measures, they could put your facility at risk.
For example, staff members should never plug their cell phone into a hospital computer, even if it's only to charge the phone. Likewise, they should refrain from checking their personal email on hospital computers. These actions can be gateways to more online threats to your facility.
Ensure training covers using medical devices only for their intended purpose, and not to - for example - surf the web. By learning preventive measures, leaders can train their staff in these areas and help create a more secure healthcare network.
While it's important that every staff member receives some level of cybersecurity training, every staff member doesn't have to be a cybersecurity expert - the depths of knowledge will, and should vary by role. Hospital's IT staff should be the most knowledgeable about cybersecurity. Empower them to take ownership of training other staff on how to maintain a secure network. Many non-IT staff members also work with sensitive information, so while they don't need to be IT experts, there should be a plan in place to train them. Because humans cause most cybersecurity issues (even accidentally), it's essential that staff have the awareness and proper cybersecurity training.
How to Improve Cybersecurity Training with Your Staff
According to Modern Healthcare, the number of healthcare hacks per year continues to increase steadily. That's why it's more important than ever to train your staff in specific areas about online safety. Follow these steps when training your staff about cybersecurity:
1. Educate Staff About Intended Use
One of the most critical parts of training your staff is to make sure staff understand "intended use." Computers or other devices on the radiology floor, for example, shouldn't be used by staff who work on a floor that's strictly patient care. Limiting staff's exposure to devices is a simple way to avoid the chance of an online threat. It is also a way to keep people more accountable for their online actions.
2. Define the Intended Use of Each Device
It seems obvious, but it's critical to train your staff to only use medical devices for their intended purpose. Define what medical devices can and cannot be used for. At baseline, medical devices and hospital computers should never be used for things like checking social media, surfing the web, and sending emails through a personal account.
3. Train IT Staff in Security Systems
Use security information management systems. Ransomware is becoming more sophisticated and challenging to detect, which is why Modern Healthcare suggests that healthcare facilities should use security information management systems to help collect data, manage and identify threats. It's imperative that your IT staff fully understands these systems and knows what to do when it detects a threat.
Learn more about how Crothall Healthcare and Asimily have partnered to help hospitals address cybersecurity threats.
4. Prepare for Cyberattacks
When everyone knows what to do in the event of a cyberattack, your staff can act quickly to secure critical information and data. Check out this Healthcare Organization and Hospital Discussion Guide for Cybersecurity from The Centers for Disease Control and Prevention to get started. Have staff members who are responsible for cybersecurity preparedness and response planning at your hospital read through and apply the information in this guide, or adjust it as needed.
Tips for Improving Cybersecurity
Maintaining a secure network is a group effort. Encourage your staff to follow these healthcare cybersecurity tips:
- Never click unfamiliar links. Hackers use phishing methods via email to trick people into clicking harmful links. Staff should always directly ask the sender of the email if they intended to include a link. Sometimes hackers send emails pretending to be a trusted colleague, which can make this security measure more challenging.
- Be careful about plugging in USB devices. Hackers can use USB devices to install malicious software onto your medical devices and gain access to your computers.
- Keep as many devices offline as possible. Eventually, it may be inevitable that your medical devices are online because it can increase efficiency. However, connected devices have a higher risk of cyber threats.
- Use micro segmenting for your medical devices. This means that you segment your devices from your network as a whole. Micro segmenting can slow down or prevent hackers from compromising all of your medical devices because it removes the point where someone can connect to the device. Micro segmenting may also be beneficial for your operations because it can make things faster. Make sure you have a good network map so you can stay organized.
- The American Hospital Association says it's vital for healthcare providers to instill a patient safety-focused culture of cybersecurity. This means that staff members see themselves as defenders of patients' health and their data, too. Though your IT team needs to lead your facility's security measures, online security needs to be a priority for staff of all levels.
Using online technology is beneficial for healthcare facilities. It makes it easier to manage devices, find patient information, and communicate with others. That's why it's so important that hospitals and healthcare staff follow these preventive measures to keep things operating as intended. Get started by creating a plan to train your staff in the best practices for online security.