Passwords kill.
Do you want my Password or a dead Patient?
Cyber security efforts across many settings still confront workarounds and evasions by clinicians and employees. They are not black-hat hackers or terrorists, but rather colleagues who are just trying to do their work in the face of often onerous and irrational computer security rules.
Healthcare is not alone. For many organisations, workarounds to cyber security are the norm, rather than the exception. They not only go unpunished, they can go unnoticed in most settings; most concerning of all, workarounds are often actually taught as correct practice, especially within isolated teams. [2]
Change is hard. Technology is relatively easy. People find attachment comforting, so when you interrupt workflow you’ll be fighting business as usual and everyone’s relationship with it; your list of allies will quickly become very thin when you become the enemy of ‘getting things done’.
Security controls must obviously be addressed in concert with sociological, psychological and workflow issues.
The hard truth is our colleagues care more about their job than data security.
It’s our job to help them learn to love their data too!
[1] J. Blythe, R. Koppel, and S.W. Smith, “Circumvention of Security: Good Users Do Bad Things,” IEEE Security & Privacy, Sept/Oct 2013, pp. 80–83.
[2] S. Sinclair and S.W. Smith, “What’s Wrong with Access Control in the Real World,” IEEE Security & Privacy, vol. 8, no. 4, 2010, pp. 74–77.