How Mistakes, Forgetfulness, and Carelessness can Undo the Best IT Security
Some things just can’t be anticipated and protected against. Human foibles are at the top of the list. Human beings aren’t perfect, and their mistakes, carelessness and just plain bad luck can wreak unintentional havoc. Sometimes the simplest error can undo the most intricate IT security plans. Case in point – the Little River Healthcare Records theft.
Little River Healthcare, a healthcare system in Waco, Texas, discovered that print and electronic medical records had been stolen. But, they weren’t stolen from the hospital. The printed records were in a briefcase and the electronic records were on a laptop. They were stolen from the locked car of a clinician. Luckily the laptop was password protected and the hospital’s IT department confirmed that it had not been turned on. It appears that the thieves wanted the computer to wipe it clean and resell it.
However, the doctor and the hospital were fortunate. But, this was a razor-thin near miss that could have resulted in confidential patient information being disseminated and/or sold on the internet. It’s a case that clearly demonstrates how easily human error and carelessness can interfere with the most perfectly developed IT security plans.
IT Security Depends Upon the Most Basic Elements
When it comes to cyber security, we believe that simple things are the most essential. They are also the most frequently overlooked. If you have invested millions of dollars in cyber security for your hospital, physician practice or health system it can be undone in a second if employees aren’t educated about how to conduct online work safely. If employees open strange emails, forward unknown documents, open zip files from unknown senders or don’t use appropriately formatted passwords, your organization is still wide open to ransomware that could shut it down in a heartbeat.
Hackers never sleep and they go after outdated systems just as quickly as they try to infect new ones. Healthcare IT reported that the ransomware Locky was going after outdated Windows systems and operating platforms – the kind that many hospitals still use. According to Healthcare IT, “The latest round of Locky is still being distributed via email with two zip attachments that contain the virus in .exe format. It’s not unlike those in the past: the emails contain order confirmations, payment receipts and other business needs. The goal is to use social engineering to dupe its victims.”
What are the simple elements of cyber security?
It’s essential that healthcare organizations make cyber security part of their culture. Educate employees on phishing risks to that everyone bears responsibility for protecting the organization’s cyber security. They should also use passwords that are alpha-numeric and include special symbols. Another lesson is to change default passwords, lest cyber hackers exploit this vulnerability.
First, when employees are working through the day, they may forget to lock the computer and leave it open for any unauthorized person to view. They don’t log in and out every time they step away for a moment. That means that patient information is open for the viewing and the taking. New proximity authentication technology facilitates the automatic locking of public-facing computers with seamless 2FA.
Increasing security (and productivity) at the computer.
Even though it is necessary for IT security, repeatedly entering logins to use computers drains workplace efficiency. It is estimated that $5,000 and 100 hours in productivity are lost each year due to the necessity of repeated logins and logouts. The average doctor must enter 50 to 60 logins and logouts every day as they work on EHR and other electronic records. See how one healthcare institution saves time and thousands of dollars per year from preventing password problems and login latency. Save valuable dollars and time with the right technology.
However, there is a better way – check out this case study for faster login for healthcare. Technology that offers automatic lock keycards carried by staff secures computers 100% of the time without entering passwords and logins manually. It provides user authentication that protects against healthcare privacy breaches. Also, the solution provides clean audit logs for analytics and due diligence built for CEOs, CIOs, and CISOs.
Hackers won’t stop and ransomware isn’t going to go away. If anything, both are going to become increasingly sophisticated and insidious. Healthcare isn’t delivered by programmable robots; it’s delivered by compassionate caring human beings; the very same human beings who make mistakes. Simple, secure elements are essential if you are to give employees the tools they need to help protect your organization. Read about another event in human error.