Augmenting Cybersecurity in Healthcare Industry
By Robert Napoli, CIO, Planned Parenthood of the Great Northwest and the Hawaiian Islands
Despite these investments, protecting sensitive data and securing systems is increasingly difficult for many organizations. The healthcare technology environment is unique in its complexity. Many organizations have hundreds of applications and dozens of systems, all presenting potential threat vectors for breaches. Departments are often siloed, especially in larger organizations, and “shadow IT” is common. Biomed and IoT-enabled medical devices provide additional risks. Threats are both external and internal. The security landscape is constantly evolving, with increasing sophistication and complexity and with new threats and vulnerabilities appearing daily. When you consider that each employee, volunteer and vendor that has access to systems is a potential risk, it is understandable how breaches occur even in those organizations spending a lot of money on their cybersecurity programs. The reality is that effective healthcare cybersecurity is extremely difficult.
Strategic Initiatives Taken to Counter Security Threats
It is widely accepted that the best cybersecurity program starts with an adequately trained staff. Internal users often are an organization’s greatest risk and I am a strong advocate of providing a robust security awareness training program.
Identifying the Right Solution Provider
The cybersecurity marketplace is expected to exceed $1 trillion over the next five years. Technology leaders have more options for products and services than at any point previously. In one respect, this is a great problem to have. However, sorting through the choices and trends is challenging and can be daunting for many organizations. I understand first-hand how difficult it can be to decide on a seemingly endless number of products and services to find the best solutions for our budget. After all, throwing money at your cybersecurity program is not a strategy, and a multi-layered approach doesn’t mean having duplicative solutions. We have successfully used advisory services to simplify the task of shortlisting products to pilot. Having a large network of peers and colleagues who can make recommendations has also been helpful in our selection process. Partnering with an experienced and capable MSSP is also an excellent way of aligning around a cybersecurity strategy that works and is cost-effective.
Evolution in Cybersecurity
I remember a time when cybersecurity was an afterthought in healthcare. Computing technology was less sophisticated than it is now (especially prior to the emergence of WiFi and the Cloud) and many cybersecurity strategies were limited to firewalls and anti-virus applications. Often, organizations took a “head in the sand” approach and were reluctant to invest in cybersecurity unless they experienced a breach. As mentioned earlier, that is no longer the case and most organizations understand that threats are advanced, constantly evolving, sophisticated, and unfold over long periods of time from a myriad of threat vectors. Protecting sensitive data requires diligence, persistence and yes, a budget.
Word of Advice for Fellow Executives
For those organizations not yet there, it is imperative that technology leaders make the case that an effective cybersecurity program is no longer just IT’s risk and responsibility. Technology executives should be prepared to communicate the scale of risks across the entire organization, taking steps to minimize those risks by mapping controls to key assets and developing contingency plans should a breach occur. Finally, it is essential that technology leaders accurately set expectations relative to their cybersecurity programs – that is, you can’t eliminate all risks with 100% certainty regardless of your budget and current cybersecurity posture. My organization devotes significant resources to cybersecurity, and we have done an excellent job securing our patient data and protecting other systems. However, I am quick to remind my Board of Directors and Executive Team that despite these efforts I cannot guarantee that all risks have been mitigated and that we will never experience a breach or incident. This work is perpetual and requires ongoing commitment, diligence and organizational support.