Military health cybersecurity officials warn of double-edged sword of ease of access to information

Cybersecurity Awareness Month

THe good news is the bad news when it comes to cybersecurity: there’s more access to information than ever before.

“People expect to get information on their phones, at home, in coffee shops, at work, in multiple ways,” said Servio Medina, one of the Defense Health Agency’s Health Information Technology’s division’s leaders on cybersecurity. “When you increase the venues of access, you could increase the likelihood of risk and unauthorized access.”

That’s why the Military Health System is increasing its efforts for better overall cybersecurity. Medina said it’s more important than ever to protect information, especially someone’s personal health information.

“We need to be more aware and savvy of the risks in accessing information, and we could inadvertently contribute to those risks,” he said.

Medina pointed to phishing as one of the most common methods of breaching data. Scammers pose as a legitimate business to steal information. The key is making people be cyberfit. The Department of Defense (DoD) launched its Empower the Patient Cybersecurity Awareness Campaign in August to share ways MHS beneficiaries can protect their personal health information.

“People need to understand more than their rights; they need to know their responsibilities,” said Frank Rowland, chief of DHA’s Cyber Security Division. Medina said most health information breaches are due to human error and are preventable. He said people need to change their mindset to be aware of cybersecurity all the time, not just once a year during required DoD cybersecurity training. He compared cybersecurity awareness to hospital efforts to promote handwashing . Once the correct procedures were reinforced, the number of infections dropped.

“Human error data breaches, just like improper handwashing, puts us at risk,” said Medina. “We need to change human behavior so we’re not making ourselves more vulnerable to ‘cyber infections.’”

Medina recognizes there must be a balance between using advanced technology, such as a networked medical device, and keeping personal health information away from the open doors those devices bring. He said the integrity of the system must be verified, with rigorous safeguards in place. Military hospitals and clinics may be in a better position than many of their civilian counterparts to protect health information.

“There are standards that apply to all military treatment facilities,” said Medina. “So all our systems that process personal and health information are subject to the same procedures and requirements.”

But even with the extra safeguards and firewalls DoD has, Medina said, people need to protect themselves and their information.

“If our patients are more savvy, we don’t have to react to as many potential incidents,” said Medina. “We just need to raise that awareness and promote a more cyber secure culture.”