Each week we read about the number of breaches and cybersecurity attacks that cripple healthcare organizations. Now we are seeing articles and research about the impact cybersecurity breaches and attacks are having on the financial health of healthcare organizations.
I grew up being told “there are consequences to your actions young man!” Sometimes those consequences I faced were small and moved past me without much fanfare, while others seemed to knock me down. Often, these consequences came from wrong choices, and at times they came when I made the right choice but didn’t put my heart into it and do enough. One thing I can attest to is those consequences, great or small, helped make me a better person today.
I think I want to stay in bed… Have you ever had one of those weeks when everything went wrong all week and every day was a Monday? The week of May 13th was one of those weeks for IT and cybersecurity. As I was reading throughout the week, I found articles about:
The Two Tales of Remote Access Security: Protection from Hackers, and Meeting Regulatory Requirements.
It’s all over the news - a new healthcare breach here, a new healthcare IT study there, that talks about how healthcare IT security needs to be a focus in 2019. Yet, we are already seeing more breaches in 2019 than ever before.
All hospitals know that they need to have some form of security plan in place to protect patients and their information. The problem is that the changing requirements and increase in breaches mean that this plan has to always be evolving. Hospitals likely have goals for what they would like to change in the future to make sure they are adapting to the ever-changing threat landscape.
I recently posted about Ten Best Practices to Mitigate Cybersecurity Threats that came from recommendations by the Health and Human Services publication, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.” That document addresses five cyber threats, with ten best practices for small to large healthcare organizations.
On October 27, 2015, Congress passed the Cybersecurity Information Sharing Act (CISA). Section 405 of CISA is specific to healthcare and charges Health and Human Services (HHS) with the responsibility of leading healthcare cybersecurity efforts, with the goal of keeping patient personal data secure.
Vendors always attempt to position themselves as a partner and a friend. The vendor relationship can sometimes get confusing and cause frustration around expectations, and one of those expectations is protecting data. So, the Vendor Relationship: BFFs? or Covered Entity and Business Associate?
It’s enough stress on CIOs and IT Directors to worry about a breach occurring in their own organization; but add to that stress the concern of being responsible as well, if a breach happens at one of their vendors. It can be overwhelming!
ECRI Institute recently announced their annual “Top 10 Health Technology Hazards for 2019.” If you keep abreast of Health Information Technology (HIT) news, you already know the number one risk: hackers can exploit remote access to systems, disrupting healthcare operations.
"The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," said ECRI Health Devices Program Executive Director David Jamison. "In critical situations, this could cause harm or death."
The topic of security is on the minds of most healthcare IT professionals today. Securing remote access to your hospital's network is the deadbolt that helps protect your data. Most people don't leave their back door wide open, or expect that little doorknob lock to be secure, so why do most hospitals do the equivalent with their networks?