Some random (yet compelling) sound bytes from healthcare pros


One of the occupational hazards of blogging is the need to confine one’s writing to a specific theme and come up with 500 pithy words to reinforce the premise. But we all have weeks that bring a wide range of unstructured insights from many sources, with little connective tissue other than that each insight was eye-opening.

This was one of those weeks. So I’d like to share with you what I call in my business “random acts of content”. They had no single theme, but I found them pretty darn interesting in aggregate given they came from some of the smartest providers in the industry.

They’re admittedly all candidates for deeper works, but I can’t force myself to embargo these sound bytes in the meantime. Here we go!

“Healthcare is largely a reactionary culture”

Break an arm, get it fixed. Have an ache, take a painkiller. This poses challenges for healthcare security pros who must break this “fix-it mentality” when it comes to protecting patient information. Surely there are reactionary elements to cybersecurity strategy, but so much of it requires building a proactive culture of security that is less familiar to many care providers.

Also, as patient engagement and satisfaction become important KPIs, this reactionary culture extends to the consumer. If Grey’s Anatomy fixes the problem in 60 minutes, so should my provider. The more important aspects of a proactive provider cybersecurity culture (like identifying email phishing attempts) don’t always make for great television, while at the same time being the most critical element in patient satisfaction and privacy.

Fear of telling patients they need to come in for firmware updates

Under the best of circumstances, we cringe when we click the firmware update button on our personal laptops or devices. So consider what it’d be like to tell a heart patient they need a firmware update on their pacemaker that includes a fix after a hacking incident, for example.

Even more challenging is that there are many IoT devices used by consumers that are outdated but still on the grid. Since there is no realistic way to update them with security patches, they remain key targets for hackers.

Veterans as great cybersecurity hires 

I’m hearing more and more about how veterans have become increasingly attractive candidates for cybersecurity jobs in healthcare. Skills related to disciplined messaging, chain of command, laser focus on the mission, ability to think rationally under fire, and intense study of the enemy provide an excellent foundation that translates well in the CSO and CISO organization.

On the other hand, the head of Security Products for a major vendor says that he finds that MBAs make the worst security practitioners, given their reliance on rote learning over intuitive experiences. 

Water-holing precedes Spear Phishing

Just when I thought I was keeping up with the “cool-kids” on trendy security terms, I hear about water-holing. This is the social engineering strategy by which hackers track the “watering holes” of potential spear phishing targets to capture personal information they will need to hack into their employer’s system.

So if I want to find a means of hacking into Intergalactic Memorial Hospital, I’ll first hack into the gym next to the hospital where the employees go to work out. Or I attack outside web sites where I know healthcare providers engage on a regular basis and then cross-tab those addresses with the healthcare facility. Then I start spear phishing the ones that are prime targets based on their newly acquired work emails.

Take your hands off the keyboard and put them in the air!

This strategy becomes even more relevant after watching the healthcare providers who fell victim to power outages following one of the many recent natural disasters. Many providers are now requiring their personnel to get a feel for care without technology by imposing planned connectivity blackouts where care must be administered the old-fashioned way. These “drills” create a level of confidence among the staff that should not be learned for the first time in a real-life disaster.

