Clinical Cybersecurity: Applying Traditional Healthcare Risk Management to the Digital Age

July 25, 2017
1003 Views

Written by Kurt Hagerman, CISO, Armor 

With the inherent complexities of the healthcare environment, as well as corresponding compliance requirements, organizations are seeking strategies to streamline efforts without compromising data security. Although strides have been made, healthcare is still in catch-up mode with other industries in terms of cybersecurity. Ground can be gained, however, by applying familiar clinical risk management principles to data protection that can be ready-made to achieve HIPAA compliance. Since healthcare has always been astute at identifying and managing risk in the clinical setting, aligning this thinking with a security posture will help provide a similar level of protection to sensitive data.

With a trove of financial and personal information coveted by criminals, healthcare organizations must not only comply with regulations but also allocate resources to cybersecurity that will make the process consistent and repeatable. Introducing tools such as HITRUST CSF Version 8 goes a long way in supporting cybersecurity, along with AICPA SOC2 reporting, contextual data de-identification, cloud services, and meeting expanded requirement details.

By rethinking cybersecurity and applying proven risk management techniques, organizations are better suited to face the challenges cybercriminals present. Healthcare organizations have a keen awareness of keeping patients safe in the physical environment, but from a digital perspective, many forces have aligned to make this a more challenging task.

Because of the prolific and diverse nature of threats and vulnerabilities due to the dramatic increase in the number of connected devices, healthcare organizations are spending enormous amounts of money to stop cyberattacks and achieve compliance. In addition, legacy infrastructure and devices were not designed with security in mind.

This is particularly concerning as healthcare data has far greater long-term value that does not diminish over time, as opposed to credit card or other financial information.  Healthcare data is not as frequently reviewed by users, and as a result, can be compromised and exploited for a far greater duration of time before measures are taken to stop its abuse.

Compliance standards must be complemented by a commitment to sound risk management to identify, respond to and ultimately protect against threats. The combination of regulatory compliance and traditional risk management in terms of cybersecurity can help proactively prepare for cyberattacks and mitigate threats against sensitive information to protect the organization and reduce liability.

In short, applying traditional clinical risk management principles to the cybersecurity environment can bring a new perspective to proactively anticipating and mitigating threats.

The time is now for healthcare providers to change their cybersecurity approach and transition from a reactionary mitigation response to a proactive position that prioritizes challenges. Organizations will then be able to work more effectively to not only ensure compliance but also place the protection of patients and the institution first and foremost.


Kurt Hagerman serves as CISO for Armor and is responsible for the governance, risk and compliance aspect of the security mission for both corporate and customer-facing products. To learn more, visit www.armor.com.

Share this with your friends...Share on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

You may be interested

Unraveling the California Consumer Privacy Act and How HITRUST Can Help
Privacy
shares223 views
Privacy
shares223 views

Unraveling the California Consumer Privacy Act and How HITRUST Can Help

Lacy Deatrich - Apr 03, 2019

Written by Anne Kimbol, Chief Privacy Officer, HITRUST The California Consumer Privacy Act of 2018 (CCPA) is a lightning rod…

HITRUST Expands Its Focus on International Data Protection Laws
Privacy
shares401 views
Privacy
shares401 views

HITRUST Expands Its Focus on International Data Protection Laws

Lacy Deatrich - Mar 07, 2019

Written by Anne Kimbol, Chief Privacy Officer, HITRUST The rapid speed and increased movement of information illustrates the need for…

The Paubox™ HITRUST Journey
Security
shares135 views
Security
shares135 views

The Paubox™ HITRUST Journey

Lacy Deatrich - Mar 07, 2019

Written by Hoala Greevy, CEO, Paubox Our HITRUST journey began eleven months ago when a Fortune 50 company reached out…