This paper (May 2018) focuses on a qualitative research design case study to explore cyber issues throughout the healthcare industry and identify strategies for a security professional. 

Abstract: The theft of patient data stored electronically by healthcare organisations continues to be a top priority for cybercriminals. Healthcare security managers have a responsibility to the executives, staff, and patients to help secure patient data from theft. Cybercrime continues to increase, and security managers need to develop the appropriate strategies to ensure everyone within the organisation is knowledgeable of the cyber threat and what their overall responsibility entails. The specific business problem this study was to address is what strategies should security professionals use to develop policies and practices to manage cyber-threats within healthcare organisations. The deployment of technology related to computer systems was not part of the study. The purpose of this qualitative case study was to determine the strategies a healthcare security professional can use to develop policies and practices to manage cyber-security threats within healthcare organisations.

Methods: A qualitative research design case study was chosen as it affords the opportunity to explore cyber issues throughout the healthcare industry and identify strategies for a security professional. The targeted population for this study was adults over the age of 18 that have demonstrated knowledge of the healthcare industry as it related to physical security and HIPAA standards. 

Results: The key findings indicate that the lack of technology enhancements are not necessarily the only factor for security breaches.  The common consensus was that healthcare employees and affiliates need to focus on a culture change within the organization. This change necessitates the demand for continued employee awareness on current security cyber threats, education, and the impact an inadequate security posture can have on the overall organization.

Conclustions: Leadership within the organisation needs to take a proactive approach toward the security stance and enlist a risk management program tailored to the healthcare industry. Furthermore, there needs to be continued focus on the necessary technological advancements as well as the necessary employee training and awareness programs. Employees need to understand their role in the security protocol and be comfortable identifying and reporting suspicious behavior. Future research is to examine the broader scale of participants inclusive of doctors, nurses, and non- security hospital staff.

MIT Sloan School of Management, Massachusetts Institute of Technology, Cambridge, MA, United States

PANACEA Research perspectives: This research paper is of general interest to PANACEA as part of its early phase analysis on th state of the art for cybersecurity in healthcare. 

Keywords: Healthcare security professionals.

Lookout Watch entry date: 07/08/2019

Watch category:

Watch Type: