10 Ways to Mitigate Healthcare Security Risks

 
 
By Karen A. Frenkel  |  Posted 09-19-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    10 Ways to Mitigate Healthcare Security Risks
    Next

    10 Ways to Mitigate Healthcare Security Risks

    Here are 10 best practices hospital CIOs can use to assess and strengthen their organization's risk posture.
  • Previous
    Build a Company Culture That Emphasizes Data Security
    Next

    Build a Company Culture That Emphasizes Data Security

    Provide clear procedures for IT usage, including work-from-home policies and the use of mobile devices, USBs and other portable media. Incorporate strong internal data protection policies to ensure that the hospital fulfills its security and data protection obligations to its patients, and to HIPAA and other regulatory compliance mandates.
  • Previous
    Recognize That Data Security Is Not Just an IT Issue
    Next

    Recognize That Data Security Is Not Just an IT Issue

    Data breach costs are board-level conversations because they adversely affect an organization's bottom line and many other aspects of business. Make sure all parties know the value of hospital assets and their risk if compromised.
  • Previous
    Identify Old Vulnerable Access Points
    Next

    Identify Old Vulnerable Access Points

    Ensure that your patch management processes are up to par and running smoothly. Gauge the business risk around each vulnerability and prioritize and streamline your patching efforts.
  • Previous
    Manage Risk Around Medical Devices
    Next

    Manage Risk Around Medical Devices

    Medical devices manufactured by third-party providers must undergo stringent FDA evaluation. As a result, hospitals are prohibited from fortifying devices with external software or anything that could compromise their performance. Stay on top of medical device risk management policies and regulations.
  • Previous
    Take Advantage of Information Sharing
    Next

    Take Advantage of Information Sharing

    Attend healthcare and cyber-security events and connect with IT security professionals at other healthcare institutions. This enables threat information to be shared industry-wide and allows IT professionals to build a united front that bolsters risk posture for everyone.
  • Previous
    Understand Limitations of Cyber-Insurance
    Next

    Understand Limitations of Cyber-Insurance

    Review your insurance policies to determine the incidents and type of losses covered and amount of coverage, should those assets be compromised. Know ahead of time exactly what assets can and cannot be recovered.
  • Previous
    Proactively Conduct HIPAA Audits
    Next

    Proactively Conduct HIPAA Audits

    To avoid a potentially painful audit, assess compliance and risk postures as they pertain to HIPPA and any other mandatory regulations. Be pre-emptive: Identify any overseen vulnerabilities early to avoid unnecessary compliance risk.
  • Previous
    Invest in a Cost-Effective Third-Party Risk Solution
    Next

    Invest in a Cost-Effective Third-Party Risk Solution

    Invest in a cost-effective, third-party risk solution that includes risk-based classification, diligence and scoring, third-party benchmarking, and ongoing risk monitoring. This will significantly ease the burden for security personnel.
  • Previous
    Assess Third-Party Vendor Security Before Hiring
    Next

    Assess Third-Party Vendor Security Before Hiring

    When contracting with third-party vendors, look at their security posture. Then consider their level of access to critical data and the network.
  • Previous
    Perform Regular Third-Party Audits and Assessments
    Next

    Perform Regular Third-Party Audits and Assessments

    The vendor could pose a risk in the future. Regularly conduct bi-annual audits. This will result in good security hygiene and underscore a sense of accountability on the part of all third-party vendors.
 

A steady cadence of hospitals fell victim to attackers exploiting old or outdated vulnerabilities that could have been fixed. In June, a hacker reportedly sold 655,000 patient records on the Dark Web. That ballooned to 9.3 million patient records after attackers accessed patient names, Social Security numbers, gender, insurance data and other information. One reason for the series of attacks, according to RiskVision CEO Joe Fantuzzi: Hospitals have spent years locking down their internal fortresses, but have paid little attention to risks associated with third parties, healthcare technology devices and software. Another reason: hospitals face the challenge of ensuring that their security environment is in-line with healthcare compliance and regulatory policies. Most hospitals and healthcare organizations don't have proactive operational and security risk management steps to address some of their glaring vulnerabilities and third party security gaps. As a result, these attacks will likely get worse before they improve. In light of this increasingly complex and treacherous risk environment, Fantuzzi offers 10 best practices to assess and strengthen healthcare risk posture.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...