In recent years the volume of hospitals and the health sector entities that that have fallen victim to hackers has continued to rise at an alarming rate. With each breach there are empty promises and finger pointing while the organizations attempt to attribute the hack to a bad actor like Deep Panda based off of exploit kit components that were used in a previous breach. Where are they getting their information? Who knows and who cares because it's almost always wrong and attribution is typically a waste of time as it is an attempt to take the responsibility and public outrage off of the hospital or healthcare organization's lack of proper cybersecurity hygiene and non-existent cybersecurity culture.
When one takes a closer look at the actual problem in order to remedy a scalable solution the most profound reality is the pure lack of cybersecurity training in perfectly applicable environments where students are learning health IT, healthcare informatics, nursing and HIPPA. The fact that cybersecurity hygiene is an afterthought rather than an academic course in the health sector should have the victims of these breaches rioting in the street, yet there is a deafening silence on this topic of educational reform. I'm not saying that a full on curriculum covering Advanced Persistent Threat intricacies such as hacker tool kits, exploits, droppers, remote access trojans or how to forensically investigate code. But, perhaps it may be useful, while studying a technical topic to add a few ingredients of cybersecurity to, keep tens of millions of innocent people from having their health records exfiltrated by bad actors wishing to do them harm.
This book series is intended to introduce the reader to healthcare informatics, health IT and HIPAA while simultaneously enhancing this information with cybersecurity content. Cybersecurity hygiene and an active and thriving cybersecurity-centric culture should be the foundation of patient record privacy and information security training in the health sector work place.