As a crucial component of our nation's critical infrastructure, the health sector is an obvious and wide open target for bad actors. Hackers, both state sponsored and mercenary, have been effortlessly pummeling our health sector networks while organizations do little to stop them. A firewall and anti-virus software will do little to stop intruders yet little, if anything, is being done to create standards to thwart a breach. Cybersecurity-centric components must be included in the curriculum of anyone studying health IT, HIPAA and healthcare informatics as these are the first victims that will be under cyber-attack in any organization in which they are employed. Xerox State healthcare, Anthem, AvMed, BlueCross BlueShield of Tennessee, the Nemours Foundation and others experienced breaches that have affected millions of innocent victims but little is being done to solve the issue of educating gatekeepers of the information. Sloppy cybersecurity hygiene stems from minimal standards for information security in the workplace. The kneejerk reaction to a breach is typically restricted to chaotic chatter while actual strategies to thwart future attack are hardly mentioned therefor the attack surface continues to go unprotected as the IoT (Internet of Things) continues to evolve. Sophisticated and determined bad actors such as PLA Unit 61398, Topsec, Blackvine and Hidden Lynx are only a few of the multitude of Chinese initiatives to infiltrate, exfiltrate and corrupt the networks of America's healthcare sector. The shocking truth is that we are virtually voluntary victims as there is no cybersecurity hygiene and zero cybersecurity-centric culture being taught in hospitals, insurance companies, nursing schools or text books. Cybersecurity basics should be taught in every nursing school and healthcare informatics class yet this topic remains eerily absent from current curriculum.
©2015 James Scott (P)2015 James Scott