IT Security in Healthcare: We’re All in This Together

Over the last several weeks I have had the pleasure of speaking to whom I consider the top leaders in IT in healthcare in the Mid-South and Southwest. As someone whose personal information was compromised in a data breach a couple of years ago I wanted to know what I could as a consumer to protect myself, my family and hopefully in turn you and yours.

IT Security in Healthcare

Quickly think back about a visit to the doctor or hospital 15 years ago. You presented your ID, insurance card and filled out reams of paperwork. The staff then put all of that in a folder and stored in the office for the next time you came in. Now it’s all scanned and saved digitally for easier access and sharing between medical providers to hopefully give you better care as all of your doctors can see your medical history and previous treatments. The goal is to save time and money. Time not filling out what seems to be the same paperwork and money by not ordering test or procedures done by another doctor.

With the merger and acquisitions of facilities and practices being absorbed we now have the issue of consolidating systems and achieving standardization. It doesn’t matter the size of the organization; large hospital corporations with multiple locations or critical access and rural hospitals. Personally Identifiable Information (PII) is everywhere, full name, date of birth, social security number, address, phone numbers and family relations. Every piece of information a hacker needs to commit fraud. The large amount of PII means that a breach will be deeper and have longer lasting effect on an individual.

IT Security in Healthcare

So what are healthcare organizations doing to protect you? Everything they can, based on my conversations. One thing became very clear, and please don’t panic when I say this; it’s not a matter of if a system is breached it’s when. Early detection and resistance are vital as are the actions of all of us.

The CIO’s and Directors of IT that I spoke with emphasized that process and investment in technology/infrastructure are two of the steps in protecting our PII. The third and most important is people. Making sure end users are aware of phishing scams, securing work stations when not in use and knowing who you are sharing your information with.

Here are two everyday things you can do to help keep your information safe:

  • Be mindful of opening attachments from unknown senders.

Just because it looks like it’s from a company you do business with does not guarantee it is. No longer are we getting messages from overseas princes with millions they want to share, it’s more likely to be what looks like a request from your bank, insurance company or pharmacy asking you to update information. One key stroke or opened attachment can lead to malware infecting your computer and putting you at risk whether at home or at work.

  • Be proactive when it comes to protecting your information.

It’s not just your IT departments responsibility to protect you it’s yours. So when they ask you to change your password every 90 days or to start including special characters and capital letters it’s for your protection and one more level of security in the battle against those who wish to ruin your good name.

Thank you to the IT leaders who provided their valuable time and insightful input! Is your hospital doing something different to fight the war on cyber attacks? I’d love to hear your thoughts! Email me at