

Balance healthcare cybersecurity best practices and end-user needs

Hospital IT is constantly looking for ways to secure patient data without inconveniencing staff. The challenge is finding a middle ground that meets security and end-user needs.

The growing number of breaches reported to the HHS Office for Civil Rights sends a clear message that healthcare organizations must keep implementing cybersecurity best practices. In the first two months of 2018 alone, reported breaches affected 501,325 patients, 224% more than in the same period of the previous year. At the same time, IT departments are finding that it is hard to keep data tightly secured without making day-to-day work harder for end users.

There is no single place to harden a healthcare environment. Hospitals typically work through several layers as they improve their protections:

  • the endpoint layer, which relates to protecting the devices that connect to the systems;
  • the network layer, which supports all communication traffic that must be monitored and secured;
  • the infrastructure layer, which includes all the servers;
  • the cloud services layer, which covers the workloads and data hosted with online and cloud service providers; and
  • the identity management layer, which deals with identifying and authenticating who has access to what.

The identity management layer is the one end users see most, because it determines how they gain access to each system and data set in the environment. For some users, the introduction of multifactor authentication (MFA), stricter password complexity requirements and password expiration are annoyances that add steps to their day. These controls, however, are what stop an attacker who has obtained a leaked or guessed password from simply logging in. With MFA, IT can give users a good deal of flexibility in how they complete the second factor, such as a text message or phone call, or an approval prompt pushed to a phone app or smartwatch.

Real-time information protection

Security teams face resistance from users in other areas as well. Many newly introduced cybersecurity best practices place more restrictions on end users and on the content they create and share. To keep health data from leaking out unintentionally, IT is adopting tools that address the information protection side of the problem: services that inspect documents and emails in real time, detect sensitive content such as patient identifiers, and prompt the end user that the content must be classified and encrypted before it is sent or saved. These prompts are slowly becoming the norm, but not without complaints, because they require users to choose the sensitivity level of what they write. One such service, Microsoft's Azure Information Protection, surfaces its classification labels and prompts directly inside the Office 365 ProPlus apps.
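To make the mechanism concrete, the following is an added example of the kind of content inspection such a tool performs before it decides whether to prompt the user or force encryption. It is not code from the article or from any Microsoft product. The hypothetical MRN format, the label names, the clinical keyword list and the sample messages are all assumptions constructed for the example; the SSN validity rules follow what the Social Security Administration publishes about numbers it never issues.

```python
"""Added example: a minimal real-time sensitivity classifier for outgoing text.
Not code from the article or from any vendor product. The MRN format, label
names, clinical keywords and sample messages are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field

# Identifiers that make health information individually identifiable (PHI).
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# Hypothetical hospital medical record number: "MRN" then 7 or 8 digits (assumption).
MRN_RE = re.compile(r"\bMRN[:#\s]*(\d{7,8})\b", re.IGNORECASE)
DOB_RE = re.compile(r"\b(?:DOB|date of birth)\b[:\s]*(\d{1,2}/\d{1,2}/\d{4})", re.IGNORECASE)
# ICD-10 diagnosis code: one letter, two digits, optional '.' and up to 4 more characters.
ICD10_RE = re.compile(r"\b[A-Z]\d{2}(?:\.\w{1,4})?\b")
# Words that signal clinical content even when no diagnosis code is present (assumption).
CLINICAL_TERMS = ("diagnosis", "lab result", "prescription", "discharge", "pathology")


def valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues (area 000, 666 or 900-999, group 00,
    serial 0000) so phone fragments and ticket numbers shaped like ddd-dd-dddd
    do not trigger the classifier."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def mask(value: str) -> str:
    """Keep only the last four characters so the finding itself is not a leak."""
    return "*" * (len(value) - 4) + value[-4:]


@dataclass
class Verdict:
    label: str
    action: str                      # "none" | "prompt" | "encrypt"
    findings: list = field(default_factory=list)


def classify(text: str) -> Verdict:
    """Return the sensitivity label and the action the client should enforce."""
    findings = []
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            findings.append(("ssn", mask(m.group(0))))
    for m in MRN_RE.finditer(text):
        findings.append(("mrn", mask(m.group(1))))
    for m in DOB_RE.finditer(text):
        findings.append(("dob", m.group(1)))

    codes = ICD10_RE.findall(text)
    lowered = text.lower()
    health_context = bool(codes) or any(term in lowered for term in CLINICAL_TERMS)
    kinds = {kind for kind, _ in findings}

    # An MRN identifies someone as a patient on its own; other identifiers
    # become PHI only when they appear next to health information.
    if "mrn" in kinds or (kinds and health_context):
        return Verdict("Confidential - PHI", "encrypt",
                       findings + [("icd10", c) for c in codes])
    if kinds:
        return Verdict("Confidential", "prompt", findings)
    if health_context:
        # Codes alone are weak evidence (a room number can look like one),
        # so the user is asked to confirm rather than blocked.
        return Verdict("Internal", "prompt", [("icd10", c) for c in codes])
    return Verdict("General", "none", [])


# Constructed sample messages; none refer to real people or records.
SAMPLES = {
    "clinical": ("Dr. Lee, please review the pathology result for MRN 48213077, "
                 "DOB: 03/14/1962, diagnosis E11.9, before the 3pm discharge."),
    "hr": "Payroll update for new hire, SSN 219-09-9999, starts Monday.",
    "general": "Cafeteria menu for next week is attached. Staff meeting moved to Friday.",
    "phone_like": "Call extension 000-12-3456 for facilities, or ticket #123-45-0000.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        verdict = classify(text)
        print(f"{name:10s} -> {verdict.label:20s} action={verdict.action:8s} {verdict.findings}")
```

The design point is the three-way outcome: weak evidence produces a prompt that asks the user to confirm a label, while a clear PHI match removes the choice and requires encryption. That split is what keeps the tool from becoming the kind of nuisance the paragraph describes while still stopping the dangerous cases.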

Website and email filtering

End users are also seeing tighter filtering of website and email traffic. Stricter web filtering means some sites they used to visit are no longer reachable, and more aggressive email filtering means they must ask IT to release quarantined messages more often. IT departments know that email and public websites are among the most common ways machines get infected, and they are not taking any chances.

While it is critical for hospital IT to put cybersecurity best practices in place to protect patient data and hospital systems, it is equally important that the technology does not get in the way of the people who deliver care. Knowing which security tools to choose, and how each one will affect end users, is essential. IT should involve people outside its own department early and get their feedback on how different security tools will affect their work. This engages end users not only in selecting the tools, but also in understanding why the cybersecurity best practices behind them matter.
