Vital Cybersecurity Considerations for Keeping Data Protected

By Anthony Murray, Chief Information Officer, MRO Corp
Twitter: @MROCorp

Cybersecurity consists of the practices and software utilized to protect data from unauthorized access, as well as from internal vulnerabilities that put data at risk. Healthcare data has become a growing target of cyber-attacks via areas such as digital health records, data sharing and medical devices that communicate with hospital systems that do not have the appropriate level of safeguards in place. Healthcare organizations must make an investment in their facility’s security infrastructure to reduce the risk of breaches occurring.

Does your healthcare organization perform risk assessments to identify compliance gaps and cybersecurity vulnerabilities? What measures does your facility have in place to reduce the risk of security breaches? Does your healthcare facility have a tested recovery plan in place? What training is offered to your employees to emphasize the compliance risks your organization faces? What are your current turnaround time and costs associated with breaches? These are all vital questions to be asking within your organization.

Connect, Protect and be Aware

In today’s world, the line between our online and offline lives is no longer clear. While this situation creates opportunities, it also creates many challenges for individuals and organizations around the globe. To reduce your security risk, make sure to regularly update your security software, browsers, and operating systems.

Links in emails, tweets, texts, posts, social media messages and online advertisements are the easiest way for cybercriminals to get a foothold in your system and deploy malware to harvest your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from, even if the details appear accurate:

  • Do not respond
  • Do not open attachments
  • Do not click on any links

Cybersecurity Discussions Within Your Organization

With security breaches on the rise, now is the time to initiate conversations about security infrastructure within your organization. Healthcare organizations need to continually monitor industry trends, assess vendor relationships, and stay up to date on any gaps their security system may have that can cause potential risks. Cybersecurity is an ongoing process that requires suitable resources to decrease vulnerabilities. Ongoing training with employees, utilizing software, choosing vendors, and staying up to date on cyberattacks within the industry are just a few ways healthcare facilities can approach the ongoing threat of cyberattacks. Some additional discussion points for your organization should include:

  • Does your healthcare facility have the right policies in place, and are these policies understood by all the appropriate employees?
  • What is your facility’s approach when assessing vendors? Does your facility’s approach allow you to vet and assess where there may be potential areas of security risk? Assessments can provide valuable information regarding the business associate’s training program, compliance, and security controls implemented.
  • Do you conduct tabletop incident response exercises to ensure your staff/team know their roles and responsibilities before you add the pressures of an actual cyber-attack event?
  • Does your current vendor conduct annual/ongoing training for workforce members?
  • Does your facility partake in any kind of cyber risk analysis to evaluate the vital technical and physical safeguards?
  • Does your system/application encrypt sensitive data both “at rest” and “in transit”?
  • Does your healthcare facility enforce the appropriate data retention policy to securely wipe information after the retention period is met?
  • Have you tested your disaster recovery plan to identify the following?
    • That you have a backup with all the necessary data to restore systems to a functional state after a ransomware attack.
    • That your documented restore procedures have kept up with your recent changes over the past 6-12 months.
    • That you can meet your business expectation to return systems to an acceptable and virtually “full operational” status.

As cybersecurity and data protection continue to be a hot topic in 2022, be sure you can answer these vital questions around your organization’s policies, procedures, and action plans.

This article was originally published on the MRO Blog and is republished here with permission.