HEALTHCARE SECURITY – SECURITY WITH LIFE AND DEATH CONSEQUENCES

This post was originally published by  .

A Day in the Life


Cybersecurity remains one of the most exciting technology jobs and one of the top sought-after positions by many technology professionals. It is also one of the most difficult positions for an employer to fill. Why is this the case?

When you think about cybersecurity, the mind often drifts towards the good versus evil of technology. Cybercriminals are seemingly everywhere, seeking to make a digital dollar off of the vulnerabilities of unsuspecting individuals and organizations. The security practitioner, on the other hand, is the sleuth who hunts down and neutralizes the threats, remediating the vulnerabilities. All of this, both the good and the bad, is accomplished from the safe confines of a room with a computer. No messy fights or murder scenes.

The day of a typical security practitioner can rise to the excitement level of dissecting an attempted intrusion through packet analysis, log review, and tracing other artefacts of criminal behaviour. It can involve interviewing techniques, seeking to find out what compelled a person to forgo all the security training and click on a suspicious link. Red and Blue Team exercises, threat hunting, and pen testing also add to the allure of the exciting security practitioner profession. Sleuthing at its finest, and exciting moments indeed!

A typical day for a security practitioner can also sink to the mundane tasks of policy, audit, metrics, and reporting. These topics, as well as endless meetings to explain password security and risk management, can suck the enthusiasm out of the most passionate security advocate. Not as glamorous as the detective work, but equally necessary for an effective security program.

Sometimes, There Is Blood!

The day in the life of a security practitioner in the healthcare field is unlike the practice of most other industries. There are life and death consequences at stake in the healthcare field, and the security of the organization plays a vital role for those who work in the field as well as for the clients they serve. Whether it involves a small medical practice, or a large health institution, healthcare security has unique challenges at the managerial, operational, and technical levels.

A trained healthcare security practitioner understands these challenges from all perspectives of the information security discipline.

Healthcare Security and Privacy Management

Security and privacy management in a healthcare setting is distinct from other professional settings due to the competing interests of security and life-saving organizational demands. As stated in the official (ISC)² HCISPP CBK, “Health Information Management…is a combination of business, science, and information technology.” This includes all aspects of workflow management, business process improvement and re-engineering, and regulatory compliance. While other businesses also have a focus on these topics, the urgency of the healthcare profession adds a heightened importance to these business processes. Few fields are as regulated and monitored as the healthcare industry, and this calls for increased efficiencies in all areas of managerial methods.

As an example, the seemingly simple flow of a patient’s admission, treatment, and discharge from a medical facility requires data management skills that are intertwined with security and privacy. Any lapse in one of the stages of a patient’s care is the equivalent of losing a patient. A trained healthcare security and privacy practitioner recognizes the importance of these flows, ensuring no gaps in continuity.

Read more here: blog.isc2.org/isc2_blog/