Health systems in Indiana are joining forces to help provide small healthcare providers with actionable cybersecurity measures.
The initiative, called Healthcare Cyber in a Box, was developed in collaboration with the Indiana Executive Council on Cybersecurity, a state-led effort originally established by former Gov. Mike Pence and continued under Govs. Eric Holcomb and Mike Braun.
The program, led by members of the council’s healthcare cybersecurity committee, brings together contributions from the state’s largest health systems — including Indianapolis-based Indiana University Health, Mishawaka-based Franciscan Alliance, Fort Wayne-based Parkview Health, Indianapolis-based Eskenazi Health and Indianapolis-based Community Health Network. The goal is to provide smaller healthcare organizations with cybersecurity resources tailored to their needs, offering guidance from larger systems that have more advanced infrastructure.
“The biggest thing we’ve found is that many organizations simply don’t have the time to research this [cybersecurity resources] on their own, given all their other challenges,” Mitchell Parker, vice president and chief information security officer of IU Health told Becker’s. “They need a reliable reference they can turn to, rather than having to start from scratch.”
The initiative offers organizations three levels of expert cybersecurity guidance — basic, intermediate and mature — covering 23 critical areas. These resources are available as a free download.
“For example, a user can look at a chart and see exactly what steps they need to take for email security based on their level,” David Ayers, program communications manager for the Indiana Executive Council on Cybersecurity told Becker’s. “The goal was to provide clear, actionable steps to help fill gaps and expand capabilities. It’s also important to note that Healthcare Cyber in a Box has already gone through several iterations — starting with the original version, then 2.0, 2.1, and now we’re working on 3.0. In that time, it’s been downloaded over 1,200 times.”
With the upcoming 3.0 version, the initiative is considering adding a front-page alert with immediate steps for organizations that suspect they’ve been attacked or are facing an incident, according to Mr. Ayers.
The need for such proactive measures is especially critical for rural hospitals, which are prime targets for cybercriminals due to outdated IT systems and limited resources, according to a recent Microsoft whitepaper. Studies show that smaller healthcare providers — those with fewer than 500 employees — face a disproportionate share of cyber threats compared to larger health systems.
“We see this as part of the broader healthcare ecosystem in the state, and we want to ensure that all the providers we work with can keep their information secure,” Mr. Parker said. “Above all, patients come first — we are committed to protecting them. When it comes to cybersecurity, the traditional business boundaries no longer apply. We all have to work together to safeguard our patients.”
