Information technology now underpins the day-to-day operations of every industry, and healthcare in particular. Data security matters especially to healthcare because of the volume of sensitive data healthcare organizations store and the urgency with which that data must be accessible. Consider all the personal information held by hospitals and dentists, let alone the volume of data collected by IoT medical devices that monitor vitals such as blood glucose, heart rate and blood pressure, many of which also upload their readings to the cloud. So how will organizations in the healthcare industry evolve their data security programs to deal with cybersecurity in 2021?
The role of CISO in a healthcare organization is arguably one of the most challenging in the data security industry. Stored patient data is, of course, protected by privacy standards and regulations, but as we have seen over the last year, hackers are persistent when it comes to getting hold of valuable patient information. One of the biggest breaches last year follows a growing trend of third-party vendor breaches: it originated at Blackbaud, a cloud computing vendor serving nonprofits, foundations, corporations, education institutions, healthcare entities and change agents. HealthITSecurity examines some of the biggest healthcare breaches of 2020, and at number one on its list the Blackbaud breach affected more than two dozen providers and well over 10 million patients. Blackbaud estimates the breach has already caused well over $6 million in damages.
Could the number of breaches get any worse?
It’s hard to imagine but the short answer is yes. Some experts are suggesting that healthcare breaches will triple in 2021. But there’s a solution for busy CISOs and IT departments who need help with their data security and risk management programs.
It’s time for healthcare to become perpetually secure
The number of breaches in 2020 is a clear indication that it is time for healthcare organizations to harness cybersecurity technology and become perpetually secure. Small, medium and large organizations in the healthcare field can all take advantage of the security solutions available to strengthen their security posture and prevent breaches. Instead of simply managing to the audit, healthcare companies should build an always-on security program that protects their valuable information at all times.
The warnings about an expected increase in breaches, especially in the healthcare sector, emphasize the importance of building a culture of security at any organization. Employee security training is essential, and not just a one-time session during onboarding: hold regular training for all employees and quiz them on what they have learned. It is also essential to extend your security program to cover vendors who have access to your sensitive information. Security should be more than an episodic event such as an annual audit; a culture of security makes sure every employee understands their role in protecting company information at all times. Only by becoming perpetually secure will healthcare organizations come closer to their goal of protecting all the sensitive health information they handle and store.
How can healthcare organizations protect data in 2021?
Busy CISOs can prepare their organization by taking these 6 steps:
Run a risk assessment - know where you are most vulnerable. As a first step, CISOs should review their security budget and run a risk assessment to find out where their biggest vulnerabilities lie. Understanding where the organization is most exposed lets the CISO direct budget to the areas that need it most.
Create a risk-based security budget - build the budget around the risks identified, rather than simply allocating a fixed portion of IT spend. That way spending is prioritized toward the areas of greatest need and highest risk, instead of being justified against an arbitrary allocation.
Review your employee processes and procedures - ensure that clear processes are in place and that everyone understands their role. This requires both training and assessment.
Understand who really needs access to data and who doesn't - make sure data is accessible only to the right people. Ensure requests for access go through a robust approval process and are time bound, so that access expires unless it is renewed. Audit system access regularly to verify that only those currently authorized still have it, and revoke anything that has expired or is no longer needed.
Audit your vendors - third-party breaches are the Achilles heel of many organizations, healthcare included. Ask your vendors to complete security questionnaires routinely to confirm they maintain clear procedures and processes for protecting sensitive information. Where appropriate, require that they hold a current SOC 2 report or HITRUST certification.
Seek expert help - if you are not sure where to start, speak to experts who have experience building security programs. Ostendio Professional Services is a team of experts who provide additional help in establishing and running a security program, and who can advise on the standards and regulations best suited to your business.
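The access step above (approved, time-bound access plus a regular audit) is the one item in this list that can be turned directly into a check. The script below is an added example written for this page, not Ostendio's code or any product feature: it runs an access recertification over a constructed list of grants and a constructed HR roster, flagging grants that lack an approver, were self-approved, have no expiry, have already expired, or belong to someone no longer on the roster. The record fields, the system names and the roster are all assumptions made for the illustration.

```python
"""Access recertification check: an added illustration of approved,
time-bound access with periodic review. Example code written for this
article, not Ostendio's; all records below are constructed sample data."""
from datetime import date

# Constructed sample roster: employees HR still lists as active.
ROSTER = {"asha", "ben", "carla"}

# Constructed sample of currently active access grants.
# Fields are assumptions for the example: user, system, who requested
# the access, who approved it, and the ISO date on which it expires.
GRANTS = [
    {"user": "asha",  "system": "ehr-prod", "requested_by": "asha",  "approved_by": "cto",  "expires": "2021-06-30"},
    {"user": "ben",   "system": "ehr-prod", "requested_by": "ben",   "approved_by": None,   "expires": "2021-03-31"},
    {"user": "carla", "system": "billing",  "requested_by": "carla", "approved_by": "cfo",  "expires": "2020-12-31"},
    {"user": "dave",  "system": "ehr-prod", "requested_by": "dave",  "approved_by": "cto",  "expires": "2021-09-30"},
    {"user": "asha",  "system": "billing",  "requested_by": "asha",  "approved_by": "asha", "expires": "2021-06-30"},
    {"user": "ben",   "system": "backups",  "requested_by": "ben",   "approved_by": "cto",  "expires": None},
]

# Review date for the sample run (an assumption; a real run would use date.today()).
TODAY = date(2021, 1, 15)


def review_grants(grants, roster, today):
    """Return (user, system, finding) tuples for grants that should be
    revoked or re-approved. Each rule maps to one control from the text:
    right people only, robust approval, and time-bound access."""
    findings = []
    for g in grants:
        key = (g["user"], g["system"])
        # Right people only: a grant for someone HR no longer lists.
        if g["user"] not in roster:
            findings.append(key + ("user not in current roster",))
        # Robust approval: every grant needs an approver other than the requester.
        if not g["approved_by"]:
            findings.append(key + ("no recorded approver",))
        elif g["approved_by"] == g["requested_by"]:
            findings.append(key + ("requester approved own access",))
        # Time bound: open-ended grants and expired-but-still-active grants.
        if g["expires"] is None:
            findings.append(key + ("open-ended grant; no expiry",))
        elif date.fromisoformat(g["expires"]) < today:
            findings.append(key + ("grant expired but still active",))
    return findings


def review_sample():
    """Run the check over the constructed data with the sample review date."""
    return review_grants(GRANTS, ROSTER, TODAY)


if __name__ == "__main__":
    for user, system, why in review_sample():
        print(f"{user:6} {system:9} {why}")
```

On the sample data the clean grant (asha on ehr-prod) produces no finding, while each of the other five grants trips exactly one rule. In practice the grants list would be exported from the identity provider or each system's user table and the roster from HR, and the findings would feed the periodic access review the step above calls for.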
Become perpetually secure and protect against cyberattacks in 2021
By taking advantage of an advanced data security solution like Ostendio MyVCM, CISOs can know and show their data at all times and become perpetually secure. The easy-to-use dashboard gives the CISO a company-wide, geographical or individual-employee view of security posture. Onboarding all your employees is straightforward, which helps ensure everyone is invested in building a culture of security and protecting your organization and data from a breach. A platform like Ostendio MyVCM also saves companies time and money by creating efficiencies in their operations and eliminating the mundane tasks that currently take up staff time, leaving IT staff free to focus on what matters most: protecting the data held by your organization. Let the breaches suffered this year serve as a clear warning to all healthcare sector organizations. It is time to protect your data by harnessing technology, becoming perpetually secure and preparing your cybersecurity program for the hazards ahead in 2021.
As a healthcare CISO or member of an IT department, what is your biggest concern in 2021? Share your concerns by emailing us.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at email@example.com.
Learn more about the Ostendio MyVCM platform and how to make your organization perpetually secure.