
According to an article published in HealthITSecurity this week, healthcare has been identified as an industry that needs to improve its threat detection methods. According to the data gathered and presented in the article, healthcare organizations have the people, processes, and often the technology in place; however, they don't have the detection mechanisms in place to recover effectively from a healthcare cyber attack.

The recent CynergisTek report showed that these healthcare entities ranked highest in response and recovery in the Core Elements of the NIST Cybersecurity Framework. Aside from more standard healthcare IT compliance frameworks such as HIPAA and HITRUST, the NIST CSF is voluntary and has brought more visibility to assessing baseline cyber strength than ever before.

Battling Cyber Security Threats in Healthcare is No Easy Task

The third annual HIMSS and Symantec risk management study showed that there was a higher priority on healthcare risk assessments than previously. Healthcare organizations are especially vulnerable, and having their data in the hands of those who wish to exploit it would be disastrous. Health plans, research institutions, and hospitals handle assets that digitization has made more vulnerable as it has evolved.

In order to assess the healthcare industry's cyber risks, it's important to understand the systems that should be protected as well as the data that lies inside those systems. It's also important to know what effects a cyber attack would have on these systems and institutions. Impact has to be minimal in order for the institution to stay functioning and providing care for those in need. The overall process of assessing risk and complying with industry and national cybersecurity best practices is no easy task. Security assessments are necessary to understand where your organization stands on compliance.

Cybersecurity Frameworks of Choice for the Healthcare Industry

According to another recent article on cyber risk management in the healthcare sector, "The HIMSS and Symantec study showed that 62.5 percent of healthcare organizations adopted the NIST Cybersecurity Framework to help with HIPAA risk assessments, while 36.5 percent said they use HITRUST." According to the HITRUST Alliance, "a growing number of healthcare organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group will now require their business associates to obtain HITRUST CSF Certification as a means of demonstrating effective security and privacy practices aligned with the requirements of the healthcare industry."

HIPAA is of course the standard regulatory framework for the industry, but more experts are saying that all things are pointing towards NIST. The National Law Review predicts that HIPAA may merge with the NIST Cybersecurity Framework. "The Task Force recommends the establishment of a consistent, consensus-based health care specific Cybersecurity Framework, and points to the NIST Cybersecurity Framework and the HIPAA Security Rule as a foundation on which this new framework could be built."

More and more healthcare organizations are adopting the NIST Cybersecurity Framework. It is imperative to test, manage, and mitigate your cyber posture internally in order to understand your vulnerabilities and know where to allocate resources for the highest impact on cyber strength. Prioritize your cybersecurity budget and team as so many of these healthcare organizations have already done. In addition, you should be keeping track of cyber attacks and how to eradicate your vulnerabilities.

All-In-One Solution: Streamline NIST Cybersecurity Framework, HIPAA and HITRUST Compliance

Unfortunately, compliance is never a small feat, and it can be complex to implement these best practices. CyberStrong streamlines the NIST Cybersecurity Framework as well as any other frameworks, including HITRUST and HIPAA, so that healthcare organizations can assess themselves with agility against these frameworks or even a hybrid combination of many.





