Cybersecurity for the Clinician

Mary Madison, RN, RAC-CT, CDP
Clinical Consultant – Briggs Healthcare

As the threat of cyber attacks on the health care system continues to inflict disruptive harm on clinical operations, privacy of protected health information and data, financial and scheduling systems, and ultimately patient safety, appropriately resourced hospital systems maintain a team of security professionals with dedicated cybersecurity responsibility. But most health systems do not have enough resources dedicated to cybersecurity, including proper training of clinical staff.

As most cyber attacks succeed through end-user deception or error, clinicians must be cognizant of their responsibility to help secure data and systems from cyber exploitation. It is increasingly understood that threats to healthcare cybersecurity present a shared challenge and therefore a shared responsibility, including among those whose principal responsibility is patient care and healthcare quality.

Against this backdrop, security executives in hospital systems are challenged to keep their clinicians aware and trained about cybersecurity risks in their day-to-day environment. Constant non-clinical demands on clinicians’ time and attention force chief information security officers and their training teams to short-cut training time and quality. What is needed, particularly among smaller providers and academic institutions for the healthcare profession, are ready-made training resources for specific aspects of healthcare cybersecurity that make tangible connections between good cybersecurity hygiene practices and real-world clinical situations.

The Health Sector Coordinating Council (HSCC) is a public-private partnership between industry and the U.S. government working to reduce cybersecurity threats and vulnerabilities in the health system. The HSCC Cybersecurity Working Group has produced a series of eight 6-7 minute videos collectively titled “Cybersecurity for the Clinician.” The videos follow a logical sequence focusing on cybersecurity concepts with which frontline health workers should become conversant. The internet-posted videos are available without charge and are certified for Continuing Medical Education and Continuing Education Units credits.

Using these training videos also should satisfy documentation requirements by the CMS Emergency Preparedness Rule, the National Fire Protection Association and The Joint Commission for facility Hazard Vulnerability Analysis and Risk Analysis and Training.

The following links to the 8 titled video episodes (and the opening promotional) are bundled in a playlist on the HSCC YouTube Channel. The videos cumulatively run 46 minutes 50 seconds, qualifying for 1 CME credit hour or 1 CEU credit hour. Also included below is a list of general cybersecurity competencies that are introduced to students and clinicians throughout the training.

Competencies Introduced in Video Series:

  • Basic cybersecurity literacy
  • Apply principles of cyber hygiene and best practices to healthcare/medical technologies and their application environment to mitigate risk and ensure safe practice and care
  • The role and risks of connectivity in healthcare technology
  • Known consequences of vulnerabilities in healthcare technology
  • Awareness of the specific role responsibilities and response in case of a cybersecurity incident
  • Understanding of healthcare technologies that support clinical practice, their application environment and associated risks
  • Protecting patient information and ensuring confidentiality
  • Understanding of rules/regulations and requirements for safe use of healthcare technologies and their application environment
  • Recognizing and responding to personal social engineering/fraudulent requests for information; e.g.; phishing
  • Account management (e.g., use of work account on social media sites)
  • Email management and security
  • Emergency planning requirements and patient care absent access to the EHR

Additional information about this partnership and links to the individual videos is available here.