Hospitals and health system boards have a responsibility to focus on cybersecurity as cyberattacks harm the entire enterprise, not just the IT department, the American Hospital Association reported.
"Boards should understand that cyber-risk represents an enterprise risk to the organization and is primarily a risk to patient safety," John Riggi, national advisor for cybersecurity and risk for the American Hospital Association, said in the October story. "We have seen repeatedly, unfortunately, hundreds of ransomware attacks on hospitals and health systems during the last several years, a significant disruption and delay to healthcare delivery."
2023 is on pace to shatter previous records for hospital and health system data thefts and ransomware attacks, Mr. Riggi noted. So he recommended that boards receive a cyberthreat briefing at least annually, bring in outside experts to brief them about the national threat overview, and assess the cyber-risk of every merger and acquisition.
Here are questions all hospital and health system board members should know the answers to, according to Mr. Riggi:
1. Has the organization mapped its entire computer network, including connections with third parties?
2. Do they understand how expansive their network is?
3. What are the internal and external clinical and operational dependencies on the availability of their computer networks?
4. If they are hit with a ransomware attack, and are forced to shut down their networks, what would be the disruption to those internal and external functions that rely on the availability of network and internetinternet-connectedogy?