Cybersecurity in Healthcare (Hospitals & Care Centres) By Coursera Course Review and Summary
Provider : Erasmus University Rotterdam
Course Link: https://www.coursera.org/learn/cybersecurity-in-healthcare
Course Notes and Summary
Note 1: There’s a tension between cybersecurity experts who want to secure hospital systems and doctors who are focused on patient care. Cybersecurity measures can make systems more difficult to use and complicate patient care processes.
Note 2: Article 9 of the GDPR states that the processing of health information is in principle forbidden. It is, however, allowed to process such data when specific conditions are met. Generally speaking, healthcare organisations could base the processing of the health information of their patients on the legal grounds of consent, the necessity for the protection of the vital interest of the data subject, or the necessity for the provision of healthcare or treatment or the management of healthcare systems and services.
Context and complications of cyber security in healthcare
Adopting cybersecure behaviours is often complicated by contextual factors. Commonly noted problems within healthcare and social care organisations are:
– Time pressure and heavy workload
– Workflow issues, such as needing multiple systems and multiple logins
– The complex design of systems and variety in user interfaces
– Policies, protocols, and processes that do not correspond with real-life working situations
– Physical environment, floor plans, furnishings
Note 3: It is important to understand practices in healthcare to improve cybersecurity. Cybersecurity measures and education become more effective if we understand how healthcare employees use technologies, which skills they need for that, and the meaning behind it.
Note 4: Healthcare cybersecurity is full of vulnerabilities and is thus an easy target for hackers, regardless of their skill sets.
Note 5: Healthcare organisations and their data are targeted for financial gain, to advance medical research, and/or to create market opportunities.
Note 6: Cyber hygiene is a useful metaphor for cybersecurity practices. Just like ‘normal’ hygiene, these practices should be done regularly to maintain cybersecurity.
Definition of Cyber Security Culture
Cybersecurity culture refers to how cybersecurity is viewed and expressed within the healthcare organisation.
– Cybersecurity culture refers to “knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest in people’s behaviour with information technologies”.
– It is important to create a cybersecurity culture within healthcare and social care organisations:
  – It supports and motivates staff members to apply cyber hygiene practices
  – It provides an atmosphere where staff members feel comfortable asking questions concerning cybersecurity
  – It ensures that cybersecurity receives sufficient attention at all levels in the organisation
Note 7: Organisational culture is influenced by what personnel believe to be the accepted beliefs and values of the organisation. As a result, these steer group and individual behaviour.
The following list contains sources to determine the current culture in an organisation:
– Use surveys, observation and/or interviews to assess staff members’ knowledge, beliefs, perceptions, attitudes, assumptions, norms and values
– Review organisational processes and policies
– Interview management to assess where the core issues lie for their teams
– Use IT security tools, log files and IT support tickets to determine key issues
– Employ security testing methods, such as phishing and malware campaigns, to determine employee response