If you belong to a healthcare organization, you’re most likely aware of the risks of inadequate cybersecurity. Attacks on your company’s digital data systems can leave your patients’ personal health information (PHI) exposed, which means a potential HIPAA violation and a high cost to your business.
We at Matterform want you to be aware that the weakest link in your healthcare organization’s security is often NOT the technology.
The weakest link is the people who are using the technology, creating passwords, and accessing the information.
Therefore, it’s important to look beyond the IT department and encrypted VPNs to consider the different ways that PHI filters through your organization’s people. How are they being trained? How are they managing their vendors? What are all of the workflows through which PHI is allowed to pass?
Unfortunately, HIPAA concerns are often left entirely to the IT department, leading to a false sense of security. For example, an IT department may have implemented excellent encrypted VPN technology, but the password chosen to protect the network may not be so excellent. Maybe the users haven’t been trained to use long, random, difficult-to-guess passwords, or maybe they’re using previously-breached passwords! It’s easy to see how a “secure” VPN may only be as strong as its chosen password.
This is why your healthcare organization must examine the “people factor”, including processes and training, when reviewing their quality of PHI security systems.
So, what’s the best way to avoid the trap of IT tunnel vision? How can you “upgrade the people factor”? Simple! Through standards and training provided by Matterform. We aim to bring a human-centered approach to risk assessment and management plans. We can help you make a thorough, enterprise-wide risk assessment that considers all possible threats.
