The unique role of doctors in cybersecurity

Is it time to rethink the relationship doctors have with critical-information systems?

by Steven Mitchell, Vice President of Global Business, AT&T Healthcare Solutions

Throughout the course of a normal day, doctors use several critical-information systems at their hospital or office – patient records, test results, surgical monitoring and more.

These doctors typically carry phones and tablets with them – both inside and outside of the office – to conveniently access vital information and a variety of apps. They work in a system in which the number of network-connected devices is rapidly increasing, often without proper security precautions in place.

Consider this scenario:

While getting caught up on some work in his home office one morning, a physician clicks on an email from what appears to be someone from the IT department. The email is requesting that he verify his login information.

“Routine hospital security exercise,” he thinks to himself.

  • The Threat: This email wasn’t from IT, but from a hacker, who now has the doctor’s password. Phishers can mimic in-house emails and tune attacks to a physician’s personal and professional life, including international research collaborations.
  • The Solution: Ongoing phishing training, including simulated campaigns. Use the network to scan and quarantine email containing patient data going to another county for additional scrutiny. Implement threat detection and notification in case a breach does occur.

Proper training

Making doctors a productive part of your security solution requires not just a robust technology suite, but also a rethinking of their relationship with your security apparatus.

Given the proper training, doctors can be a core component of your frontline cyber defense. Their reputations are tied up in the reputations of the hospitals in which they work.

Working with physicians, however, inevitably reveals a Hippocratic complexity: A doctor’s first priority is the well-being of their patients.

“Doctors are focused 100 percent on the health of the patient and getting to see more patients,” says Terry Hect, Chief Security Strategist for AT&T Healthcare. “So, any time they can skip a step to go faster, they often will.”

Bottom line

Before your health organization can determine where quality of care and quality of security can best intertwine, an effective audit of your security system must recognize the unique role of doctors.