Privacy & Security

A risk assessment can be the foundation for budgeting and priorities for the department.

In today's environment, where cybersecurity threats are becoming more and more pervasive, even small healthcare organizations understand that purporting to have comprehensive data privacy and security policies and procedures in place isn't enough. Business partners want more. Regulators demand more.

Matt Fisher, partner and chair of the health law group at Mirick O'Connell, says hospitals need to  know the facts about HIPAA compliance (it does not gurantee security), risk analysis (it shouldn't necessarily be done alone), business associate agreements (read them, don't just sign them) and cyber insurance (it's not a panacea).

(SPONSORED) Caleb Barlow, vice president of threat intelligence at IBM Security, says sometimes a hospital's response (or lack thereof) to a data breach can be as damaging as the breach itself.

Barry Herrin, principal at Herrin Health Law, says spending more money on security technology will only accomplish diminishing returns. Instead, hospitals should take a broader view of people and processes, implementing risk management frameworks such as NIST SP 800-53 and partnering with external threat groups such as InfoGuard and the FBI.

At the HIMSS Healthcare Security Forum, the chief information security officer of Penn Medicine describes the state of cybersecurity in 2017 – from the potential incidents that keep him awake at night to emerging signs of encouragement. He also explains why military veterans have the right skill sets for IT and security work.  

With security risks on all sides, healthcare providers must have a game plan. At the HIMSS Healthcare Security Forum, former U.S. Secretary of Homeland Security Tom Ridge lays out the top things they should be doing right now to gain visibility into the threats – and how they should be planning for the future – while explaining the lessons they can draw from the intelligence community.

(SPONSORED) Even though they're a significant attack vector – a gateway through which attackers can gain access to a hospital's entire information network – the allure of vulnerable medical devices to cyber crooks is still under-appreciated, says Bill Parkinson director of global healthcare strategy at Unisys.

Whether because of a nefarious manmade or natural disaster, hospital IT shops often find themselves strapped during a crisis. The government and private sector have already developed considerable resources to help. Here’s a look at those.

Cybersecurity requires strategy to succeed and that means putting your priorities in the right place. CISOs and other infosec pros must up their game to make protecting patients the top concern.