
According to an article published in HealthITSecurity this week, the healthcare industry has been identified as needing improvement in its threat detection methods. According to the data gathered and presented in the article, healthcare organizations have the people, processes, and often the technology in place; however, they don't have the detection mechanisms in place to recover effectively from a healthcare cyber attack.

The recent CynergisTek report showed that these healthcare entities ranked highest in response and recovery in the Core Elements of the NIST Cybersecurity Framework. Aside from more standard healthcare IT compliance frameworks such as HIPAA and HITRUST, the NIST CSF is voluntary and has brought more visibility to assessing baseline cyber strength than ever before.

Battling Cyber Security Threats in Healthcare is No Easy Task

The third annual HIMSS and Symantec risk management study showed that there was a higher priority on healthcare risk assessments than previously. Healthcare organizations are especially vulnerable, and having their data in the hands of those who wish to exploit it would be disastrous. Health plans, research institutions, and hospitals handle assets that digitization has made more vulnerable as it has evolved.

In order to assess the healthcare industry's cyber risks, it's important to understand the systems that should be protected as well as the data that lies inside those systems. It's also important to know what effects a cyber attack would have on these systems and institutions. Impact has to be minimal in order for the institution to stay functioning and providing care for those in need. The overall process of assessing risk and complying with industry and national cybersecurity best practices is no easy task. Security assessments are necessary to understanding where your organization stands on compliance.

Cybersecurity Frameworks of Choice for the Healthcare Industry

According to another recent article on cyber risk management in the healthcare sector, "The HIMSS and Symantec study showed that 62.5 percent of healthcare organizations adopted the NIST Cybersecurity Framework to help with HIPAA risk assessments, while 36.5 percent said they use HITRUST." According to the HITRUST Alliance, "a growing number of healthcare organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group will now require their business associates to obtain HITRUST CSF Certification as a means of demonstrating effective security and privacy practices aligned with the requirements of the healthcare industry."

HIPAA is of course the standard regulatory framework for the industry, but more experts are saying that all things are pointing towards NIST. The National Law Review predicts that HIPAA may merge with the NIST Cybersecurity Framework. "The Task Force recommends the establishment of a consistent, consensus-based health care specific Cybersecurity Framework, and points to the NIST Cybersecurity Framework and the HIPAA Security Rule as a foundation on which this new framework could be built."

More and more healthcare organizations are adopting the NIST Cybersecurity Framework. It is imperative to test, manage, and mitigate your cyber posture internally in order to understand your vulnerabilities and know where to allocate resources for the highest impact on cyber strength. Prioritize your cybersecurity budget and team as so many of these healthcare organizations have already done. In addition, you should be keeping track of cyber attacks and how to eradicate your vulnerabilities.

All-In-One Solution: Streamline NIST Cybersecurity Framework, HIPAA and HITRUST Compliance

Unfortunately, compliance is never a small feat, and it can be complex to implement these best practices. CyberStrong streamlines the NIST Cybersecurity Framework as well as any other frameworks, including HITRUST and HIPAA, so that healthcare organizations can assess themselves with agility against these frameworks or even a hybrid combination of many.

 
