Written by Guy McAllister, Director, Privacy & Security - iatricSystems
I recently posted about Ten Best Practices to Mitigate Cybersecurity Threats that came from recommendations by the Health and Human Services publication, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.” That document addresses five cyber threats, with ten best practices for small to large healthcare organizations.
These recommendations came from the efforts by the CSA Task Group charged with drafting this publication, and in reflecting on this work, I am drawn to a sobering quote within the document by one of the task group participants,
“I entered into the health care field with a mission to protect and care for patients. This mission now includes cybersecurity.”
Over my own healthcare career, I’ve known many outstanding doctors, nurses, and medical technicians who have given their life to patient care and the mantra of do no harm.
Now, unfortunately that also has to include cybersecurity, because it is now every healthcare worker’s responsibility. And for the IT staff of every healthcare organization, you are just as responsible for patient safety and to do no harm.
The Executive Summary of the document is titled; Call to Action: Cybersecurity a Priority for Patient Safety. If you are reading this blog, then perhaps you already have an awareness and desire to act. If you are casually reading and don’t sense the urgency, I implore you to take action!
Patient safety is at stake, and the target falls squarely in our area of responsibility — Information Technology. IT leaders from CIOs, CISOs, IT Directors and Managers must continually educate themselves so they can be the cybersecurity champion for their health system.
But before you can be a champion, you need to be a Subject Matter Expert (SME). Every healthcare organization needs a SME in cybersecurity.
Some questions to ask yourself to improve your organization's cybersecurity expertise:
The cybersecurity challenge we face in healthcare is real, and it will not diminish over time. All one needs to do is look at our industry news sites to see the increase of cyber crimes and the devastation it causes.
Policies, procedures and tools used today may not guarantee success tomorrow, so we must all be constantly learning and applying new tactics. The strategy must be dynamic and that requires key leaders to become well informed and remain well informed!
Here are some things that you can do now to move your strategy forward:
For an easy way to quickly assess your remote access gaps, you can take this Vulnerability Assessment.
It’s a fact that the aftermath of a cyber attack leaves health systems crippled. And let’s not forget the patients at risk from a cybersecurity incident! Become the cybersecurity SME in your organization by being informed and involved in the solution. Let’s all strive to make an impact on cybersecurity in 2019.
If this information has your head spinning, you are welcome to schedule a meeting with me to discuss securing remote access to your network.