“For hospitals and other healthcare providers, a cyber-breach can have long-term financial implications.” — STEVE WHITTLE, OLIVE
Health-ISAC’s Chief Security Officer, Errol Weiss, participated in an executive Dialogue, resulting in this white paper with the American Health Information Management Association (AHIMA) and Olive AI.
Summary
Healthcare entities continue to face evolving cybersecurity threats that can put patient safety, privacy and operations at risk. Health information security breaches occur daily and will continue to accelerate as cyber-criminals recognize the value of patient data and the critical need for provider organizations to keep systems up and running. The cost of a data breach is astounding, and one few healthcare organizations can absorb as they continue to deal with the effects of the COVID-19 pandemic. Cyber insurance typically covers ransomware demands and remediation efforts, but insurers are paying increased attention to healthcare organizations’ cybersecurity strategies and overall cyberhygiene. The American Health Information Management Association (AHIMA) and Olive AI convened a panel of experts across healthcare for a roundtable discussion to explore best practices in cybersecurity and how healthcare organizations, vendors and suppliers can prepare for emerging cyber-threats.
Read or download the printable pdf white paper here:
ROUNDTABLE HIGHLIGHTS
Managing cyber-risks across the healthcare continuum is a complex, daunting task. The digitization of healthcare is reshaping care delivery and enhancing the quality and value of care. But it’s also exposing organizations across the healthcare enterprise to greater cyber-risks. While there is a no one-size-fits all approach to cybersecurity, there are best practices and key considerations healthcare entities should consider to protect the security and privacy of patient data, as well as the financial health and viability of organizations. Robust cybersecurity strategies extend beyond IT security, recognizing the potential impact of a cyberbreach on patient safety and privacy, finance, legal and compliance, operations and reputation.
The panel suggests an enterprise-wide risk management framework is necessary to bring visibility to potential cyber-threats and the need for vigilance to protect mission critical systems that ensure the availability and integrity of care. Ultimately, cybersecurity is a business risk because it impacts the health and welfare of the organization. As such, cybersecurity should be a business imperative led by senior leadership — with board oversight — to drive overall strategy and culture. Cybersecurity strategy must be consistent and organization-wide to be effective.
Leadership must demonstrate the link between cybersecurity and patient safety, the panel notes. The stakes are high: lost access to medical records and medical device operations puts patients at risk. Linking cybersecurity to patient safety helps obtain buy-in from all employees, regardless of their role, and supports the overall mission and vision of the organization. The panel also suggests tying cybersecurity to organizational and individual employee goals, when relevant, to further demonstrate its importance.