Information security is a continuing journey: a process and mindset that needs to be continually cultivated. Unfortunately, there will never be a point when an organization or company can state “we are now fully secure – we’re done. What’s for lunch?”
Part of the reason information security is an ongoing process is that the landscape of technology is ever-changing. New exploits or vulnerabilities are discovered for existing programs or computer operating systems. New programs or operating systems come out, and exploits are discovered in those. That cycle will continue.
Hackers and malicious actors are also a creative lot. Many of the vulnerabilities and exploits found in software programs are the result of using the software in a manner other than intended. This process is very much like the work of an inventor or a software programmer. Finding new ways to manipulate or break existing software is a goal of hackers and security experts alike, although for opposite reasons. The catalyst for hackers is the lure of real money that can be gained from malicious activities.
While the details of how security endeavors to protect data might change from time to time, based on new technologies or old methods falling out of favor, the process of security remains a constant. Learning to understand and apply a mindfulness of security is key, such as abiding by the Minimum Necessary Standard of HIPAA. For example, storing or using the least amount of data needed is a security method that will stand the test of time. Mindsets like this are important for us to learn and use in our day-to-day tasks.
In healthcare, we are all stewards and guardians of sensitive data such as Protected Health Information (PHI). Healthcare, by its definition and nature, is caring for the patient. At Registry Partners, we believe that includes caring for their sensitive information even after the patient is seen and released.
Training and coaching staff on security practices is critical: healthcare workers who interact with sensitive and protected data as part of their jobs are indeed the first line of defense for the data. Social engineering, or the act of trying to trick someone out of data, passwords, or access, has been and will continue to be a popular hacking tool. Staff trained against these threats will be well-prepared to ward off attacks, just like firewalls and anti-virus programs prevent digital intrusions.
It’s also important for healthcare staff to engage in security training regularly. This will reinforce existing knowledge as well as help them stay on top of new or emerging threat trends. Security training and education better set healthcare workers up for success, which ultimately leads to better patient care overall.