According to a 2016 annual survey by Modern Healthcare, 81 percent of healthcare CEOs expected cybersecurity threats against their organizations to increase in the coming year.
Most of those CEOs planned “considerable” or “some” budget increases to combat those threats. But money, scarce as it is, won’t reduce vulnerabilities on its own.
Leadership from the top is a critical factor if security investments are to truly reduce risks. Executives interviewed for a healthcare cybersecurity handbook for CEOs all agreed that, for security to become an urgent priority among doctors and staff, leaders must demonstrate that urgency from the top.
An end-to-end security approach must be implemented and then publicly championed by both the board and executive leadership. When that happens, “It rolls downhill very well and people across the hospital are willing to listen,” says Garden City Hospital’s Christopher Allman.
Rich Miller, President and CEO of Marlton, N.J.-based Virtua, agrees.
“We have 9,000 employees. In an organization this size, the journey to cybersecurity has to start with the CEO. I can’t be afraid to go out and discuss the issue with employees and physicians,” says Miller.
In tight economic times, nothing says you’re serious like a significant and touted reallocation of budget. “The way you allocate resources is an indication of what your belief system is,” says Ronald A. Paulus, MD, the physician-CEO at Mission Health.
Hospitals have had more than a century to develop and implement, with their physicians and staff, the basic protocols to prevent the spread of germs. Now, they face a different sort of dangerous infection. They’re operating in a cyber hot zone.
Doctors can be trained for this sort of battle, but need to understand the pervasive nature of the threat. From understanding, training, investment and leadership come effective change.
To help create a culture of cybersecurity, healthcare organizations should consider the following steps:
First, understand the system you’re protecting, and expose its vulnerabilities. This requires an independently drawn picture of your security state, including devices, permissions, network architecture and security practices. This is required for HIPAA compliance, but HIPAA compliance – designed to protect privacy – isn’t enough.
As one CEO put it, hospitals are basically information systems. Every intelligent device will eventually become connected, so use your network and security tools (routers, switches, firewalls, anti-malware, etc.) to quickly identify attacks, control data flow, and mitigate and control disruptions.
From phones to laptops to desktops to connected medical devices, everything must be included in a defense plan.
Implement robust encryption and authentication technology and protocols, and isolate medical devices, which may use outdated OS or security technology.
Is a doctor – at the hospital yesterday – trying to access data from Russia today? It may not be the doctor.
Data can identify and stop attacks whose fingerprints have been identified elsewhere. A global analytics model helps find threats that are directed toward, or even coming from, your hospital.
This includes mock phishing exercises, penetration testing, social engineering, vulnerability scanning and other proactive tests.
A strong security culture starts at the top. Training must be systematic and relevant. Make it a repeating fact of work life.
They can be a key weak point, and you may be liable.
Statistics say your network will be – or has been – breached. Actions taken after identifying the breach determine and limit the extent of the harm.
Download the Cybersecurity Handbook for Healthcare CEOs to learn more.