With the rapid shift to remote work across industries, including healthcare, cybersecurity leaders must adapt quickly to ensure their organizations are protected.
period Hyams Digital At the meeting, chief information security officers from two well-known provider organizations discussed some of the lessons they learned during the process of protecting information during the pandemic. These include the importance of clear communication on security protocols, continued simulated phishing attacks, and putting patient care first.
With 76,000 employees in its organization, New York City-based Northwell Health must be very clear in its communications about cybersecurity, especially when people start working from home.
“We not only cooperate with our IT field, but also with our corporate compliance team, our legal affairs office, our risk management team, our internal audit team… because we want to give a voice to our user community ,” said Kathy Hughes, Northwell Health’s vice president and chief information security officer in the discussion.
She said that these factions have jointly created multiple infographics, wrote articles and developed videos detailing strategies for using technology in this remote world, including how to best protect data and phones.
The health system also continues to practice simulated phishing.
“During this pandemic…health care as an industry is highly targeted,” Hughes said. “So, we really need to ensure that safety training and communication are the first and center of everything we do.”
When a team collectively migrates to a work-from-home environment, it is necessary to always pay attention to network security, but so is flexibility. For an organization to be flexible—an essential attribute in a pandemic that requires rapid strategic change—red tape needs to be eliminated, even when it comes to cybersecurity.
“You have to accept that risk management is as important as security itself, and sometimes even more important,” Stephen Dunkle, chief information security officer of Geisinger Health System in Danville, Pennsylvania, said during the meeting. “The reality is that the patient comes first, if we have communicated the risks and made recommendations-the right approach is to do the right thing for the patient and the organization while minimizing the risk.”
In fact, at the height of the public health crisis, being too obsessed with technologically implemented weeds is not necessarily a good thing.
Dunkle said that Geisinger’s information security team adopted a “crawl-walk-run” approach. This means that initially, the team does what they have to do to get the service up and running, and then they will work with their clinical counterparts to improve the service.
“The new normal is nothing normal,” Dunkel said. “We are at a stage-for me, it is quite exciting-the methods that worked yesterday may not work today, that’s okay… We need to be very adaptable.”
The dual threats of Covid-19 and cyber attacks still exist in the healthcare industry. Focusing on flexibility and clear communication can go a long way in helping organizations solve these two problems.
Photo: LeoWolfert, Getty Images
