Terrorism comes in many forms, all with somber outcomes. Healthcare delivery organizations must realize that they, too, are a potential target. The trust and confidence that patients (customers) have in their care providers is under assault. Covered entities must recognize that brand and reputation damage is real when it comes to breaches, med-jacking, and obstruction of care. Your security posture is already shaping patient safety and will soon factor into competitive advantage, or disadvantage, if you are not effectively communicating your cyber attentiveness to your customers.
8 approaches to building a more cyber savvy healthcare board
The 2017 KLAS-CHIME Healthcare Provider Security Assessment notes that only 16% of healthcare organizations feel they have a fully functional security program and more than half of the organizations that are still developing their security program are spending less than 3% of their total IT budget on security.
The year of healthcare ransom attacks, 2016, was sure to awaken healthcare boards to the possibilities, risks and organizational impact of being another victim of the ever-present malicious acts carried out on our industry. Information Risk Management funding is increasing at a sluggish clip, as evidenced by the recent KLAS-CHIME survey. To expedite an understanding of where additional budget allocations will have measurable impact, boards must first take up the mantle of leadership by engaging both personally and strategically in cybersecurity.
First Cyber Health Solutions was fortunate to have the opportunity to learn recently what some of the nation’s leading healthcare systems are focused on in order to reduce their organization’s risk of incurring a security breach. We all know how daunting the task of protecting our organization’s infrastructure from attack is. It can be so overwhelming and complex that you don’t even know where to start. Why not follow the lead of some of our nation’s leading providers and focus first on the four areas listed below?
Whether you know it or not, your hospitals are being inundated on a daily basis with devices that want to communicate over your networks and the Internet. As you bring in and install new equipment (medical devices, payment processing machines, etc.), many of these devices have the ability to send and receive data over your network and outside of it, as they are part of this “Internet of Things”. This represents a point of vulnerability for your network. You need to take action to make sure that these devices are not going to be an entry point for a breach at your organization.
Healthcare system networks consist of multiple sources of data from multiple enterprise-level systems communicating in real time. This presents the healthcare cybersecurity professional with varying protection requirements. As these multiple types of data come together and transfer over to other systems, the data is accessed by many different users with varying analytics needs. Due to the urgent nature of information transfer in a healthcare environment, much of the data is transferred in clear text. Healthcare organizations face even greater risks if any part of a system is deployed in a cloud environment. When viewed from a patient perspective, speed of information flow is paramount. When viewed from an enterprise perspective, the importance of security becomes paramount. Organizations must protect sensitive customer, partner, and internal information and adhere to an ever-increasing set of compliance requirements.