Training is one of the key components of protecting against cyberattacks. And that’s not just true for healthcare provider workers, but also for security managers and staff, especially those looking to move forward.
This is the topic of Inhouse Career Development: Hiring from Within, a training session at the HIMSS Healthcare Cybersecurity Forum, taking place December 5-6 in Boston.
The session is a fresh look at cybersecurity training in healthcare organizations and how security leaders and staff can improve their knowledge, skills and abilities. Cybersecurity training for clinicians differs from that for administrators. Effective, meaningful training is essential not only for the well-being of the organization but also for the people within it.
Cybersecurity professionals within organizations also need to be trained. The session will provide a roadmap outlining training and educational resources for individuals, organizations, contractors and others.
Melissa Elza, co-founder of GRC for Intelligent Ecosystems, a training and education organization where she serves as chief people officer and director of the NextCISO Academy, is one of three panelists speaking during the session. She sat down with Healthcare IT News to provide a preview of the Healthcare Cybersecurity Forum session.
Q. How is cybersecurity training for administrators different from training for doctors and nurses?
A. Administrators are the gatekeepers of our private health information. Yes, all employees need to be aware of HIPAA and the precautions needed to protect that information. But the admins are the ones who release our sensitive health information and other PII to the insurance companies, to other doctors, etc.
Administrators, in particular, need role-based training to ensure they understand the types of attackers and what tactics they can use to get hold of that data. I recently read a statistic that about 95% of cybersecurity breaches are caused by human error. That’s an amazing number.
This means that we could have prevented most violations with training. It’s incredibly important.
Q. Cybersecurity training that obviously works is good for a healthcare organization. Also, how is it good for employees, including cybersecurity professionals?
A. The healthcare sector has suffered more than 337 security breaches this year, according to Fortified Health Security’s semi-annual report. This was reported in September, so that number is now higher in absolute terms.
More than 19 million records were compromised in these breaches. Healthcare is already a stressful job, especially now that the pandemic has started. When patients worry about their personal health information being exposed, it only adds pressure to an already hard job.
It benefits everyone to find out how we can reduce these security breaches and keep attackers off our systems. Hopefully, if you spend time training employees, you can also free up triage and forensic teams in these organizations.
Q. What kind of continuing education do healthcare cybersecurity professionals really need?
A. There is always something new to learn in cybersecurity. You must be. Attackers find new ways to get into our systems every day, and we need to understand these new threats.
Every year IBM publishes a report entitled “Cost of a Data Breach”. This year’s report states that the average cost of a healthcare data breach is now $10.1 million per incident, a 9.4% increase from the 2021 report. This number will only continue to rise.
Education never really stops for us. It can’t.
Q. What are one or two example educational resources for cybersecurity professionals and where can they find them?
A. At GRCIE, we firmly believe that community is what gets our students across the finish line. I don’t think that will change once they enter the industry.
There are many excellent community organizations with tremendous reach, such as the Cloud Security Alliance (CSA), ISACA, ISC2, and the Information Systems Security Association (ISSA), which have local groups in many cities.
If you are a woman online looking for other women, WiCyS is another wonderful organization supporting other like-minded women. Cyversity is another fantastic organization that supports women, minorities and underrepresented people.
All of these organizations offer continuing education to their communities. These community organizations bring professionals together to learn how together they can protect us from these new threats. If you are looking for ongoing learning opportunities, please check out these organizations.
The HIMSS Healthcare Cybersecurity Forum takes place December 5-6 in Boston.
Healthcare IT News is a publication of HIMSS Media.