Clinical Cybersecurity: Applying Traditional Healthcare Risk Management to the Digital Age

July 25, 2017
911 Views

Written by Kurt Hagerman, CISO, Armor 

With the inherent complexities of the healthcare environment, as well as corresponding compliance requirements, organizations are seeking strategies to streamline efforts without compromising data security. Although strides have been made, healthcare is still in catch-up mode with other industries in terms of cybersecurity. Ground can be gained, however, by applying familiar clinical risk management principles to data protection that can be ready-made to achieve HIPAA compliance. Since healthcare has always been astute at identifying and managing risk in the clinical setting, aligning this thinking with a security posture will help provide a similar level of protection to sensitive data.

With a trove of financial and personal information coveted by criminals, healthcare organizations must not only comply with regulations but also allocate resources to cybersecurity that will make the process consistent and repeatable. Introducing tools such as HITRUST CSF Version 8 goes a long way in supporting cybersecurity, along with AICPA SOC2 reporting, contextual data de-identification, cloud services, and meeting expanded requirement details.

By rethinking cybersecurity and applying proven risk management techniques, organizations are better suited to face the challenges cybercriminals present. Healthcare organizations have a keen awareness of keeping patients safe in the physical environment, but from a digital perspective, many forces have aligned to make this a more challenging task.

Because of the prolific and diverse nature of threats and vulnerabilities due to the dramatic increase in the number of connected devices, healthcare organizations are spending enormous amounts of money to stop cyberattacks and achieve compliance. In addition, legacy infrastructure and devices were not designed with security in mind.

This is particularly concerning as healthcare data has far greater long-term value that does not diminish over time, as opposed to credit card or other financial information.  Healthcare data is not as frequently reviewed by users, and as a result, can be compromised and exploited for a far greater duration of time before measures are taken to stop its abuse.

Compliance standards must be complemented by a commitment to sound risk management to identify, respond to and ultimately protect against threats. The combination of regulatory compliance and traditional risk management in terms of cybersecurity can help proactively prepare for cyberattacks and mitigate threats against sensitive information to protect the organization and reduce liability.

In short, applying traditional clinical risk management principles to the cybersecurity environment can bring a new perspective to proactively anticipating and mitigating threats.

The time is now for healthcare providers to change their cybersecurity approach and transition from a reactionary mitigation response to a proactive position that prioritizes challenges. Organizations will then be able to work more effectively to not only ensure compliance but also place the protection of patients and the institution first and foremost.


Kurt Hagerman serves as CISO for Armor and is responsible for the governance, risk and compliance aspect of the security mission for both corporate and customer-facing products. To learn more, visit www.armor.com.

Share this with your friends...Share on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

You may be interested

Ensuring the Integrity of HITRUST CSF® Assessments
CISO Corner
shares551 views
CISO Corner
shares551 views

Ensuring the Integrity of HITRUST CSF® Assessments

Sandra Omielanczuk - Jan 29, 2019

By Ken Vander Wal, Chief Compliance Officer HITRUST® There is a common theme among many of our clients following their…

Improving Cloud Security with a Shared Responsibility Model
CISO Corner
shares804 views
CISO Corner
shares804 views

Improving Cloud Security with a Shared Responsibility Model

Sierra Reed - Jan 07, 2019

HITRUST streamlines the process to determine who’s responsible for what security controls among your service providers By Hector Rodriguez, Worldwide…

From Providers to Patients: Time to Protect the Entire Healthcare Supply Chain
Leadership
shares774 views
Leadership
shares774 views

From Providers to Patients: Time to Protect the Entire Healthcare Supply Chain

Lacy Deatrich - Dec 18, 2018

Written by Taylor Lehmann, Chief Information Security Officer, Wellforce The patient-care ecosystem is a complex mix of healthcare providers, payers…