10 Ways to Mitigate Healthcare Security Risks

@font-face { font-family: “Calibri”; }p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0in 0in 10pt; line-height: 115%; font-size: 11pt; font-family: “Times New Roman”; }div.Section1 { }

10 Ways to Mitigate Healthcare Security Risks

10 Ways to Mitigate Healthcare Security Risks

Here are 10 best practices hospital CIOs can use to assess and strengthen their organization’s risk posture.

Build a Company Culture That Emphasizes Data Security

Provide clear procedures for IT usage, including work-from-home policies and the use of mobile devices, USBs and other portable media. Incorporate strong internal data protection policies to ensure that the hospital fulfills its security and data protection obligations to its patients, and to HIPAA and other regulatory compliance mandates.

Recognize That Data Security Is Not Just an IT Issue

Data breach costs are board-level conversations because they adversely affect an organization’s bottom line and many other aspects of business. Make sure all parties know the value of hospital assets and their risk if compromised.

Identify Old Vulnerable Access Points

Ensure that your patch management processes are up to par and running smoothly. Gauge the business risk around each vulnerability and prioritize and streamline your patching efforts.

Manage Risk Around Medical Devices

Medical devices manufactured by third-party providers must undergo stringent FDA evaluation. As a result, hospitals are prohibited from fortifying devices with external software or anything that could compromise their performance. Stay on top of medical device risk management policies and regulations.

Take Advantage of Information Sharing

Attend healthcare and cyber-security events and connect with IT security professionals at other healthcare institutions. This enables threat information to be shared industry-wide and allows IT professionals to build a united front that bolsters risk posture for everyone.

Understand Limitations of Cyber-Insurance

Review your insurance policies to determine the incidents and type of losses covered and amount of coverage, should those assets be compromised. Know ahead of time exactly what assets can and cannot be recovered.

Proactively Conduct HIPAA Audits

To avoid a potentially painful audit, assess compliance and risk postures as they pertain to HIPPA and any other mandatory regulations. Be pre-emptive: Identify any overseen vulnerabilities early to avoid unnecessary compliance risk.

Invest in a Cost-Effective Third-Party Risk Solution

Invest in a cost-effective, third-party risk solution that includes risk-based classification, diligence and scoring, third-party benchmarking, and ongoing risk monitoring. This will significantly ease the burden for security personnel.

Assess Third-Party Vendor Security Before Hiring

When contracting with third-party vendors, look at their security posture. Then consider their level of access to critical data and the network.

Perform Regular Third-Party Audits and Assessments

The vendor could pose a risk in the future. Regularly conduct bi-annual audits. This will result in good security hygiene and underscore a sense of accountability on the part of all third-party vendors.