Cybersecurity is a top of mind issue for companies across all industries, and many organizations have launched projects and initiatives to strengthen this area of business.
CSO magazine honors 50 security projects each year that deliver business value through innovative risk and security concepts and technologies. This year, 11 of those 50 were in the healthcare industry.
Aetna's Trusted Email program: Payer Aetna launched this email authentication program to remove fraudulent emails on the Internet that appear to be sent from Aetna after discovering a malicious botnet targeting one of Aetna's medical management companies. Within three days, approximately 188,000 emails were blocked from being delivered. (No. 4 overall)
Atlantic Health System's Securing Nuclear and Radiological Material program: Morristown, N.J.-based Atlantic Health System partnered with the National Nuclear Security Administration's Global Threat Reduction Initiative and Domestic Threat Reduction Program to implement technology and procedures to secure nuclear and radiological material at the hospital that is often used for medical diagnoses and cancer treatments. The program was implemented in 2013, and there have been 12 attempts to access the materials, all of which have been stopped. (No. 5 overall)
BCBS Detecting Advanced Cyberthreats with Big Data Visualization: Blue Cross Blue Shield of Illinois, Texas, New Mexico, Montana and Oklahoma implemented a project to detect cyberthreats using big data visualization solutions. BCBS implemented operational intelligence software that uses search and discovery capabilities to determine the efficiency of its security systems. (No. 9 overall)
BCBS of North Carolina's Safely and Securely Unlocking Social Media program: Blue Cross Blue Shield of North Carolina launched a project to recognize the appropriate use of social media at work. Called "Social Media: Employee Access Project," the payer implemented data loss prevention technology, computer-based training, user guides and updated policies to provide employee's safe and secure access to social media. (No. 10 overall)
BCBS of Michigan's Role-based Access Management program: Blue Cross Blue Shield of Michigan set out to simplify system access for more than 200 different applications. The payer educated users and simplified the access to 500 LAN and 500 application business roles. (No. 11 ovreall)
Brown University HIV Researchers' Cloud-secured Dropbox program: Researchers from Providence, R.I.-Brown University who conducted research in South Africa needed to find a way to enable field researchers studying HIV to share audio, video and document files while also meeting rules regarding the usage and storage of sensitive data. The IT department and researchers implemented a solution to encryption data stored in the cloud, allowing them to coordinate with researchers in several locations. (No. 13 overall)
Children's Healthcare of Atlanta's Securing Patient Records program: Children's Healthcare of Atlanta implemented a "Break-the-Glass" project to safeguard the protected health information of patients and employees in the EMR. If a hospital employee attempts to access a record, the BRG program prompts them to select a valid business reason for viewing the record and requires them to re-enter their password. Inappropriate accesses to records decreased by 98 percent. (No. 15 overall)
Fletcher Allen Health Care's User Satisfaction and Information Security program: Fletcher Allen Health Care, now The University of Vermont Medical Center in Burlington, adopted Imprivata's OneSign solution to reduce the number of incidences clinicians and employees had to remember passwords and credentials for any of the applications or operating systems. (No. 19 overall)
Fraser Health's Site Security Incident Reporting System: To combine and condense site security reporting systems across Fraser Health's four health organizations, the system implemented Integrated Protection Services' Site Security Incident Reporting System. The British Columbia, Canada-based health system now stores incident reports on a centralized, secure network. (No. 20 overall)
South Carolina Health and Human Services' MARS-E Implementation program: In just one year, the South Carolina Department of Health and Human Services had to implement Federal Information Security Management Act compliance standards, a project that typically takes more than five years. (No. 35 overall)
Texas Health Resources' Threat Management program: Dallas-based Texas Health Resources used key threat management concepts that kept up with the complexity of their systems to better detect threats. (No. 37 overall)
More articles on cybersecurity:
3 barriers, 2 solutions to healthcare cybersecurity
Obama calls for more direct data sharing between public, private sectors
In breach event, to whom should CISOs report?