Social media involves constantly changing security risks that hospitals need to be aware of, according to Tom Pendergast, Ph.D., Chief Strategist at MediaPRO, an e-learning development company.
1. Inappropriate Sharing of Organizational Information
The primary security risk is when an employee inappropriately releases any form of company information. “That could be releasing intellectual property, trade secrets, or patient information,” says Pendergast.
2. Damage to Organization Reputation
At the same time, inappropriate use of social media that damages an organization’s reputation is also a security issue. For example, per Pendergast, an employee may mention a new product release that the marketing department wasn’t ready to announce. “It isn’t a crime, but they’ve just compromised their company’s competitive advantage by doing that,” he notes.
3. Security Issues When Sharing Personal Life Events Include Inadvertent Disclosures
Certain social networks create security risk hotspots, such as Facebook and LinkedIn. LinkedIn encourages employees to talk about what’s happening in their professional lives and thus can create a challenge for hospitals. According to Pendergast, “An employee might upset co-workers by posting a promotion they received when that promotion hasn’t been announced.”
4. Phishing Risks
Workers in industries such as healthcare are at risk for targeted phishing attacks via social media. [NOTE: “Phishing” is defined as requesting confidential information over the Internet under false pretenses in order to fraudulently obtain credit card numbers, passwords, or other personal data.] “They might seek people on LinkedIn or Facebook who work at a specific hospital and send that person malware,” says Pendergast. This includes email messages and web links that can release viruses. “It’s important to teach employees to exercise a lot of skepticism and view with suspicion any unfamiliar attempt to direct you to a website or to solicit information from you,” offers Pendergast.
Ways to mitigate risk include asking employees to create complex passwords and conducting phishing campaigns that send out a fake email to staff to determine who is more prone to fall victim to these attacks. In the end, shares Pendergast, “Because there are so many ways criminals use social engineering to gain access to an individual and an organization, we try to teach people to be more paranoid.”
HealthStream’s learning management system and comprehensive suite of competency management tools empower your healthcare workforce to deliver the best patient care.View All Learning & Performance
When you enact HealthStream's quality compliance solutions, you can do so with the confidence your healthcare organization will meet all standards of care.View All Quality & Compliance
Fulfill compliance requirements with a variety of programs and courseware designed to address critical regulatory requirements as well as educate staff to recognize and mitigate risks.View All Products
HealthStream offers professional training and education on how to best optimize your reimbursement process within your healthcare organization.View All Reimbursement
Improve the preparedness of your staff, increase survival rates, and cut costs with the advanced resuscitation training services from HealthStream.View All Resuscitation
Expand the decision-making skills and effectiveness of your healthcare workforce with HealthStream's clinical development programs and services.View All Clinical Development
Delivers everything you need to request, gather, and validate information about a provider to create a single source of truth for downstream processes.View All Credentialing
Make sure your healthcare staff can schedule out appointments and work schedules with ease using HealthStream's line of software solutions.View All Scheduling & Capacity Management