Data security breaches happen often, worrying many people. Few understand these threats better than David Jones, Director of WestGate Cyber Security, a UK information security company specializing in helping businesses and the public sector understand and overcome emerging cyber security threats.
We are lucky to have David educate us on the key cyber security threats – not just in health care. The UK government is certainly sitting up and taking notice by putting aside 650 million dollars towards helping businesses becoming more aware and prepared for these threats. However, it’s a hard job and a lot more needs to be done, particularly in areas of large infrastructures such as energy management, water and traffic. In his interview with our CEO Mohammad Al-Ubaydli here, David sets out with great transparency such problems, plus financial threats and a current case of stolen records from a private cosmetics company.
So how can healthcare organizations become more proactive to cyber security threats? How are we to handle these risks? According to David, greater focus is needed at board level upon the value of the information at risk.
The way to really get this point across is to understand that the nature of the threat facing health organizations these days is relatively well known. They are things like quality and safety, vulnerable areas of health performance, but so much of the risk is simply not well understood because health is one of those areas where information itself is almost at the core of everything everybody does. Once you take away the critical issue about hands on nursing care, everything to do with diagnosis and treatment and drug levels and testing, it’s all information based. Once you appreciate the value of that data for what it is then you can see how health and information and therefore protecting that information has got to be on the general boards.
More importantly is that when these threats happen (and David stresses “when” not “if”) to not panic or withdraw from the system.
…When the breach comes in the form of patient records, we don’t suddenly decide that we’re not going to give any information in electronic forms to our health care providers. That’s the last thing we need to do. We all have to understand that we have got to treat security of information the same way you treat security of your house, in the same way you might take out dental insurance, you know something bad is going to happen, prepare for it and deal with it in a mature way. It’s the maturing of the industry that we need to get over. Once we’ve done that, then we can move on not as a single event but as a process, which is risk managed, just like everything else actually in the health sector that is actually risk managed.
To learn more about cyber security threats and the context of health care cyber security threats, please find the podcast here.