Back to Top Skip to main content

Health.mil: the official website of the Military Health System (MHS) and the Defense Health Agency (DHA)

Utility Navigation Links

Social Media Links

Need larger text?

Military health cybersecurity officials warn of possible pitfalls of easy access to information

woman looking at a laptop Cybersecurity Awareness Month

10/14/2016 By: Military Health System Communications Office

Share

The good news is the bad news when it comes to cybersecurity: there’s more access to information than ever before.

“People expect to get information on their phones, at home, in coffee shops, at work, in multiple ways,” said Servio Medina, one of the Defense Health Agency’s Health Information Technology’s division’s leaders on cybersecurity. “When you increase the venues of access, you could increase the likelihood of risk and unauthorized access.”

That’s why the Military Health System is increasing its efforts for better overall cybersecurity. Medina said it’s more important than ever to protect information, especially someone’s personal health information.

“We need to be more aware and savvy of the risks in accessing information, and we could inadvertently contribute to those risks,” he said.

Medina pointed to phishing as one of the most common methods of breaching data. Scammers pose as a legitimate business to steal information. The key is making people be cyberfit. The Department of Defense (DoD) launched its Empower the Patient Cybersecurity Awareness Campaign in August to share ways MHS beneficiaries can protect their personal health information.

“People need to understand more than their rights; they need to know their responsibilities,” said Frank Rowland, chief of DHA’s Cyber Security Division. Medina said most health information breaches are due to human error and are preventable. He said people need to change their mindset to be aware of cybersecurity all the time, not just once a year during required DoD cybersecurity training. He compared cybersecurity awareness to hospital efforts to promote handwashing . Once the correct procedures were reinforced, the number of infections dropped.

“Human error data breaches, just like improper handwashing, puts us at risk,” said Medina. “We need to change human behavior so we’re not making ourselves more vulnerable to ‘cyber infections.’”

Medina recognizes there must be a balance between using advanced technology, such as a networked medical device, and keeping personal health information away from the open doors those devices bring. He said the integrity of the system must be verified, with rigorous safeguards in place. Military hospitals and clinics may be in a better position than many of their civilian counterparts to protect health information.

“There are standards that apply to all military treatment facilities,” said Medina. “So all our systems that process personal and health information are subject to the same procedures and requirements.”

But even with the extra safeguards and firewalls DoD has, Medina said, people need to protect themselves and their information.

“If our patients are more savvy, we don’t have to react to as many potential incidents,” said Medina. “We just need to raise that awareness and promote a more cyber secure culture.”

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.
You are leaving Health.mil The appearance of hyperlinks does not constitute endorsement by the Department of Defense of non-U.S. Government sites or the information, products, or services contained therein. Although the Defense Health Agency may or may not use these sites as additional distribution channels for Department of Defense information, it does not exercise editorial control over all of the information that you may find at these locations. Such links are provided consistent with the stated purpose of this website. You are leaving Health.mil View the external links disclaimer here. OK Cancel