Secret to security best practices: incentivize
The view that cybersecurity is purely a technical, engineering challenge is a shortsighted one, and that is repeatedly proven by breaches that confound CIOs who thought their healthcare organization was safe from hackers.
More recently, that view has been giving way to the recognition that security challenges are less technical than human-oriented, a shift that points to the behavior of organizations trying to defend themselves.
"The misalignment of incentives explains why security failures often take place," said Tyler Moore, Tandy Assistant Professor of Cyber Security and Information Assurance at the University of Tulsa. "So whenever organizations don't have appropriate incentives to protect information, they will not be able to adopt countermeasures to protect their systems."
Moore will address these and other behavioral issues in a presentation "What is Security Economics and Why Should You Care?" at the HIMSS and Healthcare IT News Privacy & Security Forum.
"The importance of incentives in choosing the best types of security mechanisms cannot be underestimated," Moore added.
Another human factor that impacts security decisions is information asymmetry, which occurs in relations between two parties when one doesn't have adequate info about the other, Moore said.
For instance, a hospital may be evaluating a security system from a provider, and it can be hard to ascertain the quality of the solution's security. "This can lead to a problem where there can be an emphasis on other features of the product that can be observed instead of the dozens of other things that can't be observed," Moore said. "So organizations may not devote as many resources to something like security because it's not as easily observable as other services."
One of the best ways to ensure a healthy security strategy is to take advantage of information sharing, Moore said.
"There are so many threats healthcare systems are facing that they often can encounter the same threats as their peers," Moore said. "Information sharing can help when one hospital shares with another that hasn't been targeted yet. The hospital can take advantage in ways it wouldn't have been able to do otherwise."
Healthcare organizations can also draw valuable information from public regulatory compliance filings and from adhering to security frameworks that outline structures of security controls they can adopt.
"This type of information is giving them guidance where they should be trying to spend more money (on security) effectively," Moore said.
Register for the Privacy and Security Forum, which runs Dec 1-3 at the Weston Boston Waterfront hotel.