It’s not easy running an IT department at a large medical organization these days, and the job is not getting any easier. Hospitals represent a prime target for cyberattacks for a variety of reasons:
Even without government regulations (and fines for non-compliance), no hospital wants to see itself in the headlines, struggling to free itself of a ransomware attack.
The primary strategy that hospitals deploy is hiring an outside cybersecurity firm. These healthcare security companies, set to represent a $26B industry by 2027, work with hospitals to conduct an assessment of weaknesses, then draw up a list of recommendations to seal them up. This includes policies and changes that the hospital’s team can manage themselves, as well as technical products and services the firm will provide and manage. Some solutions involve hardware – firewalls with filter rules to control and limit access – as well as software installations and updates/upgrades to existing infrastructure.
Human beings are often the “keyhole” through which hackers penetrate an organization’s defenses; whether for data entry/retrieval specialists, nurses working with patient files periodically, or doctors who have less hands-on activity, it is critical to train all employees to learn and follow protocols and processes for even the simplest online activity.
In one study, 59% of hospital representatives and healthcare IT professionals in the US said that email was the most common point of information compromise. Disasters can be triggered by carelessly responding to phishing hacks, or the overly casual use of minimally secure mail to communicate sensitive information.
The decision about HOW to provide healthcare cybersecurity training, however, presents a real challenge. Here’s why:
The ideal model is both flexible for scheduling and more engaging than a one-way presentation: remote, hands-on cybersecurity training. Using a cloud-based, online training platform means that participants can join from offices across the facility, or even from home. Multiple sessions can be run to accommodate demanding schedules, without the trainer physically situated in the building for each session (or even the same city, state, or country!)
The most advanced of these virtual hands-on training platforms offer a fully functional version of the hospital’s software, and both the trainer and participants can interact with it. It is a clean, stand-alone version, meaning that there is no risk of exposing, changing, or deleting real data. The installation can be pre-loaded with sample data for real-world demonstrations, or left clean and ready to be safely populated and then eventually deleted.
In training systems like these, trainers and management can review reports on which trainees went through required steps, how long they spent, and what they did. This both assures compliance with the training program and identifies areas of improvement for the curriculum.
Most important, the hands-on approach to healthcare training software means that the experience is active, not passive. The hospital staff can “live” the simulated experience, trying out the techniques they are taught in a safe, controlled, but authentic environment. This practice will help prevent confusion or panic later, as fewer new, unexpected procedures will arise.
Our society (especially during COVID) values the life-saving contributions of doctors, nurses, and other medical specialists and support staff. But they are not perfect. With their focus on patient care and critical snap decisions, we cannot expect them to also serve as cutting-edge data warriors. To optimize their training – and to give their hospitals the best chance of avoiding dangerous missteps and lawsuits – a fully immersive, hands-on approach to training by cybersecurity firms is just as important as their purely technical defensive measures.