Becker's Hospital Review

January 2018 Hospital Review

Issue link: https://beckershealthcare.uberflip.com/i/922733


CIO / HEALTH IT

IT, Cybersecurity Talent Shortages Require Healthcare to Rethink Hiring Strategies

By Julie Spitzer

As the cyberthreat landscape becomes increasingly complex, organizations are seeking new talent from different sources to address their IT shortages.

At the Becker's Hospital Review 6th Annual CEO + CFO Roundtable Nov. 13 in Chicago, Willis Towers Watson's Brian Warszona, vice president, and Tracey Malcolm, future of work leader, discussed the intersections of cybersecurity and employees.

"Our organizations are changing in terms of the jobs that are required … I don't know if you can think in your organizations of the type of roles that are changing — the increase in devices in your environment, data management is increasingly part of hospitals support — new roles that are really stretching the boundaries for organizations as far as how you manage talent," Ms. Malcolm said.

But also, the threat landscape is evolving, and employees need to be more vigilant since they are the most frequent cause of malware infiltrating a system, and this is often accidental.

"The No. 1 way that [ransomware] is actually transmitted is through the phishing emails. This is actually saying that the employee or an actual individual inside had to click on something, thus giving that particular malware access to the computer and the computer network," said Mr. Warszona.

As organizations move to implement new technologies that address cybersecurity, improve employees' workflows and automate processes, Ms. Malcolm and Mr. Warszona argue organizations must rethink how they train current employees as well as how they source new talent.

According to Ms. Malcolm, organizations should consider outsourcing cybersecurity contractors since hiring an internal expert can be a lengthy process taking upwards of 18 months. She added that building awareness and being very clear with employees as to what the organization values in terms of cybersecurity is also crucial.
"Information security work is different than any other types of work occurring in your organization, and you have to recognize that," Ms. Malcolm said.

She added that protecting data is no longer up to just the IT department. Instead, it is a responsibility of every employee.

6 Little-Known Ways Your Hospital May Accidentally Be Violating HIPAA

By Julie Spitzer

While the most commonly known HIPAA violation may be a data exposure stemming from a computer vulnerability that went undiscovered until it was too late, healthcare organizations may be suffering from a number of other HIPAA violations without even realizing it.

Even if providers take a number of approaches to protect their information systems, they may still not be practicing safe guidelines with sensitive patient data, wrote Kays Harbor co-founder Manisha Kathooria in a company blog post.

Here are six unexpected ways healthcare organizations may be accidentally disclosing HIPAA-protected patient information.

1. Responding to reviews on listings or websites. While many organizations have Google, Facebook or even Yelp pages that may feature negative reviews, replying to these comments can have serious consequences. Responding to a comment may insinuate that person was your patient or a patient you interacted with, even if you do not post any information specific to that individual's case.

2. Unintentional attachments in emails. HIPAA requires email communications to patients be encrypted beyond the typical layers used by most email services, which are called Secure Sockets Layer or Transport Layer Security.

3. Missing or hidden meta information in special file formats. File formats, such as JPEG or Microsoft Office documents, often contain protected health information even if it is not immediately apparent. Scrubbing files of metadata before sharing them with coworkers could protect against unintended distribution.

4. Automatic syncing of devices to apps or clouds. Tools like iCloud and Dropbox may not secure patients' PHI without a business associate agreement in place that follows HIPAA guidelines.

5. Social media posting at your workplace. Many organizations post to their social media sites, like Facebook, to keep their patients up to date on their hospital's news. But, if their employees are not careful of their posting behaviors, including taking photos with patients in the background or revealing the backs of desks or computer screens, HIPAA violations ensue.

6. Seeking a second opinion from peers. While discussing healthcare cases with colleagues may garner fruitful results, special attention must be paid so that no PHI is shared with physicians not on that patient's case.
