How Design Thinking Can Be Adopted in Healthcare Security

Most companies have come to terms with the importance of cybersecurity. Healthcare organisations are proactively adopting new and improved security measures in anticipation of incoming attacks. But how long can such measures hold against evolving threats? And are they scalable?

A survey conducted by Threat Stack, a cloud security solutions company, revealed that over 50% of respondents find it difficult to select security solutions that protect their companies in the long term, grow with them and remain within budget. The solution? Design thinking.

Design thinking is an up-and-coming approach in cybersecurity that applies design to an area not traditionally deemed creative or accepting of design. The strategy is user-centered: its main focus is on how the user leverages the technology and what the best solutions for that user may be. It expects the designer to know the user, and what he or she does, really well. Only then can the product's design function correctly.

Design thinking is based on three fundamental concepts:

  1. Empathy

    Empathy requires the software designer to observe, engage with and listen to users. In healthcare, users include both patients and providers. Empathy helps the designer to understand why, how and when the user does things. It also reveals how the user will adopt the security solution in real-life situations. For example, human error is one of the leading causes of data breaches. If security providers are able to observe and identify where things go wrong, they can develop more user-friendly interfaces that quietly guide healthcare providers away from common mistakes without disturbing their workflow.

    Empathising with such needs is one of the core aspects of design thinking, as it ensures a smooth and seamless experience for both patients and healthcare professionals. For instance, patient data needs to be protected at all times, and every minute that security is down is considered an enormous legal and health risk. Consequently, healthcare providers need cybersecurity solutions that allow networks to remain online at all times, even during maintenance and repair.

  2. Understand the problem, but focus on the overall solution

    Security professionals typically direct their full focus on solving immediate problems. While this is undoubtedly a crucial aspect of cybersecurity, design thinking prefers that all solutions fit together well in the long term. A one-off solution may work now, but fail when it is used in another situation. Rather than falling into the trap of reactive security, security providers should focus on ensuring that all solutions work together seamlessly in the long run. According to Threat Stack's study, 74% of participants believe that their security teams are pressured to remain on track with development and operations solutions. While this is an expected statistic, one cannot deny that long-term solutions will alleviate some of this pressure.

  3. Repeat

    One may believe that since design thinking targets long-term solutions, product and solution development should take years to complete. On the contrary, design thinking promotes the quick development of small solutions and prototypes, the improvement of what works and the elimination of what does not. This is represented in the following model:

  • Ideate: Collaborate with your team to think of a possible solution to the problem

  • Prototype: Develop the idea into a smaller, tangible version

  • Testing: Assess how the prototype works in a real situation

  • Refine: Improve the prototype based on user feedback from the testing stage