
When it comes to cybersecurity, it is important to understand who your audience is and how to communicate effectively with them. Today, we discuss an article on cybersecurity pitfalls written by Julie Haney, Usable Cybersecurity Program Lead at NIST, and the importance of involving everyone in a team approach to protecting patients’ information.
In this episode:
6 Pitfalls NIST Noticed – Ep 411
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity.
Great idea! Share Help Me With HIPAA with one person this week!
Learn about offerings from the Kardon Club
and HIPAA for MSPs!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
HIPAA Say What!?!
[05:00] New settlement: HHS Office for Civil Rights Reaches Agreement with Health Care Provider in New Jersey That Disclosed Patient Information in Response to Negative Online Reviews | HHS.gov
HHS investigated a complaint from a patient who said that the Manasa Health Center exposed their PHI online in response to a negative review the patient had posted. The investigation found that Manasa had also exposed the mental health diagnosis and treatment information of 3 more patients. Manasa Health Center paid $30,000 to OCR and agreed to implement a 2-year corrective action plan to resolve potential violations of the Privacy Rule.
Manasa Health Center LLC Resolution Agreement and Corrective Action Plan | HHS.gov
6 Pitfalls NIST Noticed
[18:00] Is Your Cybersecurity Strategy Falling Victim to These 6 Common Pitfalls? | NIST
Users are not stupid: Six cyber security pitfalls overturned
Handout version: Users are not stupid: Six cyber security pitfalls overturned
We’ve often said that EVERYONE is a part of the cybersecurity team. But when organizations fail to realize that users, employees, and humans in general play an important role in cybersecurity, there can be real consequences. Some of those consequences include:
- More calls to the help desk
- Mistakes that lead to cybersecurity incidents
- Use of less secure workarounds (that shadow IT thing we often talk about)
- User frustration
- The perception that security is inconvenient and burdensome
What are Donna’s 3 rules about security?
- Security is not convenient.
- Security is not optional.
- Security should not prevent you from doing your job.
All three of those are required for a true cybersecurity environment.
[23:08] So, the 6 pitfalls are not anything new. If you are a regular listener to our podcast or have come to our boot camps, you’ve heard these time and time again.
- Assuming users are clueless.
- Not tailoring communications to the audience.
- [38:05] Unintentionally creating insider threats due to poor usability.
- Having too much security.
- Depending on punitive measures or negative messaging to get users to comply.
- [49:52] Not considering user-centered measures of effectiveness.
You don’t have to get a major in psychology to be able to communicate with other people. You have to say, I have to find common ground to have a conversation.
There is a real need for effective communication and understanding when it comes to creating policies and procedures, conducting training, and avoiding pitfalls in cybersecurity. It is important to tailor communication to suit different audiences and treat everyone with empathy and respect. The articles linked in the show notes are a valuable resource for anyone working in healthcare and responsible for an organization’s cybersecurity practices.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance,
it’s about patient care.TM
Special thanks to our sponsors Security First IT and Kardon.