In order to understand how to better protect healthcare data, it’s important to understand just why healthcare employees are bypassing security protocols.
A new study, “Workarounds to Computer Access in Healthcare Organizations,” sponsored by the University of Pennsylvania, Dartmouth College and the University of Southern California, set out to understand the specific challenges of workstation access and security. As the abstract notes, “clinicians focus on patient care, not cybersecurity,” has led to the rise of the Insider Threat. They found a number of common bad habits. Specifically, clinicians were found to disregard security rules, write down passwords and fail to log off systems.
The data for the study was compiled through interviews and observations with hundreds of medical workers, cybersecurity experts, executives and IT workers, and through time spent actually shadowing clinicians. The report aimed to show how these professionals are “seeking to accomplish their work despite the security technologies and regulations." In these organizations, security was seen primarily as a barrier to productivity, and treated as such.
The authors of the report state that clinicians often thwart “onerous and irrational computer security rules” just to do their work. Our own research corroborated this finding, with IT and security pros circumventing their own security policies, which were often seen as an impediment to their productivity. It’s clear that one of the biggest hurdles in healthcare data security is providing technologies and policies that increase productivity while protecting data.
"These 'evaders' acknowledge that effective security controls are, at some level, important—especially the case of an essential service, such as healthcare [...] Without such tools, the enterprise cannot protect against adversarial cyber action. Unfortunately, all too often, with these tools, clinicians cannot do their job—and the medical mission trumps the security mission."
When technologies like access controls are seen as an obstacle, you need to find a different approach.
Tailored specifically for healthcare organizations, Absolute DDS provides a full complement of features and remote capabilities so that you can control and secure healthcare data and devices, maintain the trust of your patients and stakeholders, and protect your organization from financial penalties.
Running completely in the background, Absolute DDS for Healthcare can help you confidently manage mobility, investigate potential threats, and take action if a security incident occurs. Better yet, it can accomplish all without getting in the way of patient care. Absolute DDS can also be paired with other tools to improve authentication and access controls. To learn more, visit Absolute.com