The DNA of Healthcare

CHIME Guest Blog: Cybersecurity Awareness Protects Against Data Breaches

Michael Archuleta

CIO, HIPAA & Information Security Officer Mt. San Rafael Hospital

With 91% of all cyberattacks coming from phishing emails, providers’ vulnerability to email-borne malware is still high. Employee negligence is the main cause of data breaches, according to a state of the industry report by Shred-it, an information security company. The report found that 47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach.

In light of the threat data breaches pose, it’s imperative that organizations re-prioritize their strategy to make employee cybersecurity awareness critical. Cybersecurity attacks are at an all-time high and hackers are focusing on gaining access through people, so it is crucial to create a strong cybersecurity culture based on awareness and understanding of what cybersecurity is and how it can affect an organization.

Securing information and systems that support the health care organization involves much more than technology, and it is often mistakenly viewed as only the information security organization’s responsibility.

Education Is the Strongest Defense

Our attention and focus continue to be ordered as technology, process and people, versus people, process, then technology. We need to remember that professional cyber criminals do not attack machines, they attack people.

Therefore, ensuring employees are educated about cybersecurity awareness and know what to do if such an attempt is made is a vital part of any organizational security strategy. It is essential to have a cybersecurity framework in place that addresses both the technical and non-technical aspects of cybersecurity.

This means taking into account not only the technologies involved, but also the governing aspects and processes to be followed, and the training around security awareness and security incident response management.

Creating a Human Firewall…It Takes Everyone, Not Just IT 

Establishing a cybersecurity culture means recognizing that everyone, including executive leadership and management, has an equal part in cybersecurity, because preventing data breaches is not only an IT responsibility but an overall organizational responsibility.

Technology is just one part of security, and although Information Technology Services plays a critical role, the reality is that the entire organization needs to be engaged to help reduce cybersecurity risks. When employees are properly prepared to participate in their organization’s cybersecurity awareness training program and compliance awareness campaigns, they will be strongly motivated to safeguard the organization’s systems and information while recognizing that they play an important role in keeping data and systems safe and secure. When fully engaged, this creates a formidable human firewall, which is a key element in building a strong cybersecurity culture.

We need to remember that cybersecurity isn’t just about data security — it’s also a matter of life and death. Change the culture, focus on your people, improve patient care, and build your human firewall because the best technology in the world will still fail if your people fail.

About Michael Archuleta

Recognized as a Top Hospital and Health System CIO to know & named a Rising Star in Healthcare, Michael is a cutting edge, innovative, visionary leader who possesses strong leadership skills with extensive experience & a proven track record of driving increased levels of productivity, profits, high integrity customer relationship skills & expert problem-solving approaches.

Michael currently serves on the board of directors for The Neural Network, a CXO advisory board facilitated by NetApp, and is a Healthcare Ambassador for Fujitsu of America. He is also an active member of CHIME, a strategic advisor to healthcare startups and an active speaker within the field of HIT.

At LexisNexis Risk Solutions, our goal is to provide the healthcare industry with insights and innovations to improve outcomes, grow market share, reduce fraud and increase compliance.