@font-face { font-family: “Calibri”; }p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0in 0in 10pt; line-height: 115%; font-size: 11pt; font-family: “Times New Roman”; }div.Section1 { }
10 Ways to Mitigate Healthcare Security Risks
Here are 10 best practices hospital CIOs can use to assess and strengthen their organization’s risk posture.
Provide clear procedures for IT usage, including work-from-home policies and the use of mobile devices, USBs and other portable media. Incorporate strong internal data protection policies to ensure that the hospital fulfills its security and data protection obligations to its patients, and to HIPAA and other regulatory compliance mandates.
Data breach costs are board-level conversations because they adversely affect an organization’s bottom line and many other aspects of business. Make sure all parties know the value of hospital assets and their risk if compromised.
Ensure that your patch management processes are up to par and running smoothly. Gauge the business risk around each vulnerability and prioritize and streamline your patching efforts.
Medical devices manufactured by third-party providers must undergo stringent FDA evaluation. As a result, hospitals are prohibited from fortifying devices with external software or anything that could compromise their performance. Stay on top of medical device risk management policies and regulations.
Attend healthcare and cyber-security events and connect with IT security professionals at other healthcare institutions. This enables threat information to be shared industry-wide and allows IT professionals to build a united front that bolsters risk posture for everyone.
Review your insurance policies to determine the incidents and type of losses covered and amount of coverage, should those assets be compromised. Know ahead of time exactly what assets can and cannot be recovered.
To avoid a potentially painful audit, assess compliance and risk postures as they pertain to HIPPA and any other mandatory regulations. Be pre-emptive: Identify any overseen vulnerabilities early to avoid unnecessary compliance risk.
Invest in a cost-effective, third-party risk solution that includes risk-based classification, diligence and scoring, third-party benchmarking, and ongoing risk monitoring. This will significantly ease the burden for security personnel.
When contracting with third-party vendors, look at their security posture. Then consider their level of access to critical data and the network.
The vendor could pose a risk in the future. Regularly conduct bi-annual audits. This will result in good security hygiene and underscore a sense of accountability on the part of all third-party vendors.