Imagine you’re laying on a hospital bed in an emergency room. The doctors and nurses are rushing around in seemingly organised chaos. You hear beeping and shouting as they investigate and prepare. Imagine the fear you feel, the uncertainty of this life or death situation. Imagine, then, you hear a voice of a doctor: “Damn I can’t remember my password!”
When considering security in healthcare it sometimes feels like you’re going into an entirely different domain. One of the biggest mistakes in cyber security is to treat every organisation the same way, a one size fits all approach. Healthcare has such a different set of rules and requirements to most businesses that it’s hard to even slightly entertain that illusion.
When asked about security in healthcare, most people’s minds go to the security of their patient data. They think about their privacy, about those sensitive answers they give the doctor. When you think about mental health practices, patient records can be as personal as your diary, and the exposure of those records would be violating. Is that the worst case when it comes to healthcare cyber security though?