Privacy & Security
Defending your clinic or hospital from hackers: Storytelling matters
August 30, 2017
Healthcare information is incredibly valuable. That’s one of the reasons why hackers are targeting clinics and hospitals so often, and why healthcare facilities are more vulnerable to ransomware than many other organizations.
The problem is compounded by the general lack of computer security in healthcare. As patients, most of us have the expectation that healthcare professionals will have more medical knowledge than technical knowledge.
But that expectation – and the sometimes-lax security measures taken to safeguard digital healthcare information – makes it hard for hospitals to adequately protect their technology.
Hacking is an oft-maligned word. Yes, it can mean something dastardly, but it also means embracing and understanding technology. It’s about improving healthcare by using technology to make it more resource-efficient and patient-centric – in essence, making it better for healthcare professionals, patients, families and taxpayers.
But there is a paradox: on the one hand, technology in the healthcare system is an empowering tool, but on the other hand it can come with privacy and security issues because of how valuable and sensitive our health information is.
At this point in the digital revolution, we are beginning to expect healthcare professionals and healthcare organizations to embrace technology in order to provide better, more efficient care. After all, as patients we are becoming more tech savvy and using technology to monitor and track our own health. But embracing technology does increase security risks.
That’s where storytelling comes in.
Technology is taught using very technical terms, and yet most people don’t respond well to dry language and jargon, particularly when they are trying to learn something new.
Since the majority of those using technology in the healthcare system aren’t technologists, we need to rethink the way that information is delivered. That means using the right kind of language to teach healthcare professionals about technology, and to motivate them to be more responsible about the way they use it.
The fact is, healthcare professionals care very deeply about patient information and the integrity of medical data. Malice and neglect are not the reasons why systems don’t get properly used; it’s because staff members haven’t had these systems explained properly in a way that can be truly absorbed and fully understood.
We have to take a cold, hard look at the reality of the situation and acknowledge the harm that comes from the loss of privacy, and loss of organizational capability, when technology is not secure and used improperly.
It may not be something everyone is comfortable admitting or accepting, but there can be a reluctance to attempt to understand how to use technology correctly and safely among medical professionals who are higher up the chain of command. They may feel they don’t need to learn or fully understand how to use technology safely because those who report to them will simply do it for them.
Criminals understand this dynamic all too well. They know that high-ranking medical professionals within a healthcare organization may have unsecure email and passwords that are easy to hack. They know just how vulnerable that level of professional may be to phishing attempts and other cyber attacks.
The answer is not to abandon technology out of fear. The answer is to fully embrace it while understanding the risks that usage involves.
The peer review process is something that is common in the medical field, but we don’t yet have the same checks and balances where technology is concerned.
This is a cultural shift that needs to happen. Healthcare professionals need to wade in and find out what the best practices should be, and then educate others.
In fact, imagine if they were as at ease on social media as celebrities who spread false and dangerously inaccurate medical information about everything from vaccines to diet fads. Healthcare professionals could be participating in public discourse to keep hearsay and fear from proliferating in that sphere.
The benefits of using technology far outweigh the risks as long as it’s used properly. Storytelling is a neglected, but powerful security practice that can help motivate healthcare professionals to use technology to its fullest – and safest – advantage.
Jesse Hirsh is a Futurist and Digital Strategist who will be speaking about the design and ethical issues that need to be addressed when it comes to how technology is used in healthcare organizations at HealthAchieve in Toronto on November 6 and 7, 2017.