Smaller healthcare providers are more likely to struggle to follow cybersecurity best practices, while large healthcare providers tend to have mature, sophisticated defenses, according to a KLAS and CHIME study cited by the HIPAA Journal.
KLAS and CHIME examined the responses to the 2018 Healthcare's Most Wanted survey that was issued to around 600 healthcare providers.
Responses showed that large healthcare organizations are more proactive and conduct regular vulnerability scans. Smaller healthcare organizations rely on penetration tests to identify vulnerabilities.
Large healthcare providers were also more likely to have governance, risk management and compliance committees. Smaller healthcare organizations were less likely to use network segmentation and multifactor authentication.
HHS formed a task force in 2015 to help healthcare providers manage risks. Here are nine principles for providers to follow:
- Email protection systems.
- Endpoint protection systems.
- Access management.
- Data protection and loss prevention.
- Network management.
- Vulnerability management.
- Incident response.
- Medical device security.
- Cybersecurity policies.