In light of the recent cyberattack on Franklin, Tenn.-based Community Health Systems, the issue of cybersecurity is at the forefront of the healthcare industry.
Here are 10 ways to strengthen healthcare security, provided by InformationWeek.
1. Hire a chief security officer or someone solely dedicated to cybersecurity. Security infrastructure is very complex and it may be inadequate if another executive adds security duties to his or her responsibilities, suggests the report. Having a cybersecurity point person can help ensure someone is leading the security all the time. Alternatively, if hiring a C-suite executive is not feasible, organizations can hire a third-party firm specializing in healthcare security.
2. Give the CSO autonomy. A CSO needs sufficient power to solve the overarching issues they deal with. Having a CSO report to a CFO — as many organizations do — prioritize financial decisions over security ones, according to the report, which suggests CSOs should report to CEOs.
3. Take inventory of data and tools an organization owns. Having an itemized list of IT functions can help security professionals identify potential risks as well as the appropriate safeguards, according to the report.
4. Implement basic cybersecurity measures. Encrypt computers and choose secure passwords. It may be helpful to use automated tools to address and fix such basic errors.
5. Have regular meetings between CSOs and departments. Security experts can best tailor safeguards to departments and hospitals if they know the individual needs of the organization.
6. Turn security into a culture. Healthcare employees should internalize the need for such stringent security. At the same time, security processes should easily integrate into existing cultures and workflows.
7. Partner with the government. The federal government may be able to provide the public healthcare sector with information more quickly and better respond to threats. However, healthcare organizations must also realize they can't exclusively rely on the government for information, as some data (i.e., Regarding national security) is classified.
8. Look to other industries. Healthcare organizations can look to best practices of other industries to identify ways to enhance their own cybersecurity.
9. Take precaution with bring-your-own-device policies. Organizations might benefit from a mobility usage policy outlining responsibilities, education and penalties for cybersecurity issues, according to the report. Certain software also can help protect data assets while physicians use their own devices. The report also suggests CSOs create an internal app store with pre-approved apps for both work and entertainment.
10. Secure the wireless network. Organizations should implement automated procedures that update devices and their security, ensure new products are secured and ensure former employees no longer have access to data, networks or equipment, suggests the report.
More articles on cybersecurity:
FBI: Hackers are targeting healthcare organizations
AHA releases cybersecurity resource for hospital boards
Costs of 3 security-related IT incidents