Cybersecurity Hygiene for the Healthcare Industry - James Scott - Bog

As hospitals and the health sector as a whole continue to take advantage of the conveniences provided by the latest IoT (Internet of Things) technologies, little attention is focused on the expansive and virtually completely unprotected attack surface evolving from use of these technologies. A cybersecurity-centric culture and an evolving enforcement of proper cybersecurity hygiene are mandatory to create even the most basic secure environment. Conversations and training centering on HIPAA, health IT and healthcare informatics must include cybersecurity, sadly it rarely does and the victims are typically the patients. Strangely, cyber-attacks such as Anthem and others like it were not technically sophisticated rather the exact opposite. Spear phishing, spoofed URLs and watering hole attacks are the primary means of obtaining legitimate admin credentials, thus offering up one's entire network to hackers on a silver platter. Including the position of CISO is pointless unless the staff is properly trained to identify the ingredients of basic social engineering and a malicious attack. This series is meant to introduce cybersecurity into the curriculum of those studying HIPAA, healthcare IT and health informatics as the topics go hand in hand, yet the health sector and academia as a whole have continued to ignore this reality therefore continue to be an easy target for hackers and bad actors. A cybersecurity-centric culture must be injected into every aspect of the health sector. Precise and determined effort must be introduced to initiate a mandatory cybersecurity hygiene standard throughout this crucial component of our Nation's critical infrastructure. This series has been authored to intentionally introduce cybersecurity and health IT simultaneously in hopes that the health sector will enforce the same concept to its academic partners.