Clinical Cybersecurity: Applying Traditional Healthcare Risk Management to the Digital Age

July 25, 2017

Written by Kurt Hagerman, CISO, Armor 

With the inherent complexities of the healthcare environment, as well as corresponding compliance requirements, organizations are seeking strategies to streamline efforts without compromising data security. Although strides have been made, healthcare is still in catch-up mode with other industries in terms of cybersecurity. Ground can be gained, however, by applying familiar clinical risk management principles to data protection that can be ready-made to achieve HIPAA compliance. Since healthcare has always been astute at identifying and managing risk in the clinical setting, aligning this thinking with a security posture will help provide a similar level of protection to sensitive data.

With a trove of financial and personal information coveted by criminals, healthcare organizations must not only comply with regulations but also allocate resources to cybersecurity that will make the process consistent and repeatable. Introducing tools such as HITRUST CSF Version 8 goes a long way in supporting cybersecurity, along with AICPA SOC2 reporting, contextual data de-identification, cloud services, and meeting expanded requirement details.

By rethinking cybersecurity and applying proven risk management techniques, organizations are better suited to face the challenges cybercriminals present. Healthcare organizations have a keen awareness of keeping patients safe in the physical environment, but from a digital perspective, many forces have aligned to make this a more challenging task.

Because of the prolific and diverse nature of threats and vulnerabilities due to the dramatic increase in the number of connected devices, healthcare organizations are spending enormous amounts of money to stop cyberattacks and achieve compliance. In addition, legacy infrastructure and devices were not designed with security in mind.

This is particularly concerning as healthcare data has far greater long-term value that does not diminish over time, as opposed to credit card or other financial information. Healthcare data is not as frequently reviewed by users and, as a result, can be compromised and exploited for a far longer time before measures are taken to stop its abuse.

Compliance standards must be complemented by a commitment to sound risk management to identify, respond to and ultimately protect against threats. The combination of regulatory compliance and traditional risk management in terms of cybersecurity can help proactively prepare for cyberattacks and mitigate threats against sensitive information to protect the organization and reduce liability.

In short, applying traditional clinical risk management principles to the cybersecurity environment can bring a new perspective to proactively anticipating and mitigating threats.

The time is now for healthcare providers to change their cybersecurity approach and transition from a reactionary mitigation response to a proactive position that prioritizes challenges. Organizations will then be able to work more effectively to not only ensure compliance but also place the protection of patients and the institution first and foremost.


Kurt Hagerman serves as CISO for Armor and is responsible for the governance, risk and compliance aspect of the security mission for both corporate and customer-facing products. To learn more, visit www.armor.com.
