All hospitals know that they need to have some form of security plan in place to protect patients and their information. The problem is that the changing requirements and increase in breaches means that this plan has to always be evolving. Hospitals likely have goals for what they would like to change in the future to make sure they are adapting to the ever-changing threat landscape.
I recently posted about Ten Best Practices to Mitigate Cybersecurity Threats that came from recommendations by the Health and Human Services publication, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.” That document addresses five cyber threats, with ten best practices for small to large healthcare organizations.
On October 27, 2015, Congress passed the Cybersecurity Information Sharing Act (CISA). Section 405 of CISA is specific to healthcare and charges Health and Human Services (HHS) with the responsibility of leading healthcare cybersecurity efforts, with the goal of keeping patient personal data secure.
ECRI Institute recently announced their annual “Top 10 Health Technology Hazards for 2019.” If you keep abreast of Health Information Technology (HIT) news, you already know the number one risk: hackers can exploit remote access to systems, disrupting healthcare operations.
"The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," said ECRI Health Devices Program Executive Director David Jamison. "In critical situations, this could cause harm or death."
The topic of security is on the minds of most healthcare IT professionals today. Securing remote access to your hospital's network is the deadbolt that helps protect your data. Most people don't leave their backdoor wide open, or expect that little doorknob lock to be secure, so why do most hospitals do the equivalent with their networks?
Times, they are a changing! And, that's a good thing! Have you evaluated or made plans to move to MEDITECH's new Expanse platform? I wanted to share with you how we are keeping up with the changes and helping hospitals keep up too.
As an IT security vendor, it's hard to compete with hope. After all, hope is free.
Network security is like financial planning. There’s so much information out there that it can be overwhelming. People I know have made bad decisions and some have been fooled or tricked, resulting in big losses. If they are complacent and do nothing, things may or may not work out. Is that a risk worth taking? The only correct path is to find a good partner, educate yourself, protect your assets, and pave the way for a secure future.
Read More
I was chatting with a group of hospital CIOs recently and we were discussing network security and what makes their networks vulnerable. I was surprised by the difficulty each was having with remote access by physician office staff. It was unanimously one of the greatest concerns. While we know they have some longstanding, awesome partnerships with physician offices, there are three main vulnerabilities that have surfaced with remote network access:
1) Unknown terminations
2) Inappropriate access discipline
3) Access after termination
It’s been a little while since our last post. Please forgive the lapse — we’ve been busy connecting medical devices to EHRs at many hospitals. And we have another Smart Pump EHR Integration implementation currently scheduled to go live in September.
Connecting smart pumps to your EHR is a complex project, but well worth it. Doing so improves patient safety, saves your nurses time, and helps increase IV reimbursements. If you’re interested in learning more about Smart Pump EHR Integration, we’re hosting three webinars this summer on the subject, including one where Amy Speanburg, MS, RN, Clinical Informatics Specialist at Saratoga Hospital will join us as our guest speaker.
Scroll down for registration links and a description of each webinar.
Comments