As the majority of us are aware, recent years have been increasingly challenging in relation to cyber security. Many hospitals across the country have been victims of a hacker attack. Ransomware has become an extremely lucrative operation for cyber criminals.
When hackers target hospitals, the consequences can be devastating – especially for rural hospitals. Delayed surgeries, postponed tests and canceled prescriptions are real threats.
While more health care organizations are ramping up their protective measures to deal with the problem, no amount of investment can provide complete security. On top of this, health care systems are often complex and standard security measures like automatic logouts and two-step verification often don’t apply to health data.
One suggestion is for organizations to focus primarily on the areas of biggest risk. You’ll need to determine the worst-case scenario should your information be compromised, then follow up by limiting the locations where the data resides and limiting access points.
Your security concerns will need to be addressed throughout the structure and use of your data management. It is no longer enough to be concerned with firewall capabilities for a set time; it’s becoming more common to create a threat profile to truly integrate security into a system. It’s also helpful to bring in external experts for fresh input in addressing the problem. They may bring newer perspectives on threats and technology, and different experiences, to the table.
Kevin Durkin, CFO of Threat Stack, a cloud security company, suggests focusing on:
– Deciding what are the most precious pieces of your organization. Which ones are absolutely critical?
– Defining the risks as best you can, drilling down to actual numbers if possible in a worst-case scenario.
– Assessing the full return on investment. Don’t just look at your expenditure. How much can security investments save you compared to what a breach might cost you?
– Looking extensively at all your line items in your budget. While some may not appear to be directly related to security, there may be an indirect link.
– Thoroughly assessing pros and cons of tools in (or to be put into) use. What are you currently using? Are there more effective ones? What are your options?
Some questions may not be applicable in your situation, but you’ll be well served to delve as deep as you can into the questions, and to think as creatively and proactively as you can, to ensure that the spending will result in effective security.
Health care organizations can’t put cybersecurity on the backburner. There will always be new threats. Health IT needs to be a permanent line item.
Minimizing privacy and security risk can be overwhelming and costly. PCG’s affordable Privacy & Security Toolkit provides access to a Virtual Privacy and/or Security Officer along with a library of policies and procedures, standardized training tools, documents, forms, and templates. In addition, the library includes a Privacy and Security Risk Assessment that will guide you in meeting your privacy and security needs at an affordable cost.