A university study that focused on the practices of health-care workers showed just how vulnerable the industry is to cyberattacks due to information security policies that lag behind clinical practice.
Professors from University of Pennsylvania, Dartmouth College and University of Southern California studied the work of nurses, doctors, IT specialists and chief information officers in clinics and hospitals and found major gaps between policies and practice that saw health-care workers bend and break security policies in order to get their work done. The health-care industry is frequently cited as one of the industries most exposed to cyberattack due to large networks with numerous access points and vulnerable, legacy computer systems. For example, a California hospital recently had its patient data held hostage by hackers. The study indicated that following the policies in place was just as significant a factor in health-care risk. “Cybersecurity efforts in health-care settings increasingly confront workarounds and evasions by clinicians and employees who are just trying to do their work in the face of often onerous and irrational computer security rules.”