New guidelines aim to help healthcare CIOs with cybersecurity initiatives
CIOs in healthcare will without exception have cybersecurity as one of their primary focus areas for 2019 – if not their biggest priority. To help in this quest, the Department of Health and Human Services (HHS) has published a checklist of security best practices to help ensure a ‘holistic view of the intersection between cybersecurity and healthcare’, in the organisation’s own words.
The full document (pdf, 36 pages) looks at various individual threats, from email phishing, to ransomware, to loss of data and devices, and gives a stark warning about the challenges the healthcare industry continues to face.
The report cited an IBM and Ponemon Institute study which found the cost of a data breach for healthcare organisations rose in 2018 from $380 to $408 per breached record. This is considerably more than financial ($206 per record), technology ($170) and education ($166), meaning all data is equal but some data is more equal than others.
“Effective cybersecurity is a shared responsibility involving the people, processes, and technologies that protect digital data and technology investments,” the report notes. “It is a continual battle, because hackers constantly find creative ways to defeat cyber threat defence initiatives.”
The best practices found in the document are based on the Cybersecurity Act of 2015. Regarding the specific use cases, the majority of the advice is common sense, describing device loss as a ‘serious cyber breach’ which needs to be dealt with by trained IT security professionals. It can be an expensive business, too; in 2017 the Children’s Medical Center of Dallas paid more than $3 million to the US government after breaching HIPAA protocol through a lost device in 2009.
The practices put forth in the document aim to strengthen cybersecurity capabilities through three primary goals: enabling organisations to evaluate and benchmark cybersecurity capabilities effectively and reliably; sharing knowledge across organisations; and enabling organisations to prioritise actions and investments.
“The drive towards a consistent, resilient and robust cybersecurity strategy starts with HHS and each public and private-sector healthcare organisation,” the report notes. “It continues by building strong working relationships with associations, vendors, and other user communities in the patient care continuum.
“Cybersecurity must be the responsibility of every healthcare professional, from data entry specialists, to physicians, to board members.”
You can read the full report here.