In today’s world, the lines between cybersecurity and physical security have been blurred—and healthcare isn’t exempt. In fact, the stakes are higher in healthcare.
The Complexity of Healthcare Security
The patient-provider relationship is based on trust and responsibility for patient well-being. Patients trust healthcare providers possibly more than any other professional. For example, a recent study by Harvard’s TH Chan School of Public Health and Politico found that 34% of respondents expressed high levels of trust in their doctor’s office and 24% said the same for hospitals. With these high levels of trust, however, come high expectations for healthcare providers.
Patients expect protection not only from physical security breaches but also from cybersecurity threats. These concerns are not unfounded. Mishandled physical security and cybersecurity can take a substantial toll on both patients and providers. A faulty or hacked medical device can threaten physical health. A lost or stolen laptop can put patients’ private information, such as credit cards, social security numbers, and home addresses, into the wrong hands.
Unfortunately, threats to both physical security and cybersecurity within the healthcare industry continue to grow. For example, look to the rise of the Internet of Medical Things (IoMT). Initiatives around remote patient monitoring, robotic surgery, and even the smartphones that patients connect to Wi-Fi all require a stance on security that acknowledges the connected nature of healthcare’s physical security and cybersecurity.
Physical Security Enhances Cybersecurity—and Vice-Versa
The last thing healthcare security professionals need is one more box to check within their realm of responsibilities. This is exactly why it’s so important to reimagine what security threats and solutions look like as we head into a new decade.
All elements of modern healthcare security should be viewed as encompassing aspects of both physical and cyber vulnerabilities and threats. While this perspective is more complex, looking at physical and cyber security collectively as one type of risk factor only strengthens an organization’s security posture.
Take, for instance, audit trail reports that track who has had access to specific medication cabinets or encrypted devices. These reports alert you to threats to both patient data and physical safety.
Beyond that, a unified perspective is powerful in an age where compliance has grown beyond HIPAA, and state-specific regulations are popping up across the country.
If you’re ready to reimagine your organization’s approach to healthcare security, we recommend a few key steps.
Check Roles and Responsibilities
Because of the history of healthcare security, physical and cybersecurity are often separated from each other. Review titles, roles, and organizational charts to coordinate security efforts, make appropriate changes, and present a unified front.
Take a Multi-Tiered Approach
Security now encompasses both physical and electronic dimensions. Therefore, it is essential to understand your risk profile in terms of tiers. A multi-tiered approach is especially relevant in an age of rising drug-diversion initiatives and increasing numbers of entrepreneurial hackers. This article will help you get started on rethinking your organization’s approach to security.
Review Your Security Profile
While it’s important to understand industry-wide trends, nothing is more helpful than a deep comprehension of your own security profile. Take time to review your breach history, current threat landscape, and any new initiatives, such as remote patient monitoring. Taking this time will allow you to find where physical and cybersecurity practices intersect within your organization.
If you’re looking for ways to take charge of your future and align your physical security with today’s cybersecurity challenges, it’s time to rethink access control.