10 Ways To Strengthen Healthcare Security - InformationWeek

8/26/2014
10:06 AM
Alison Diana

10 Ways To Strengthen Healthcare Security

As recent hacks show, keeping a healthcare organization safe from security threats takes planning, technical expertise, and business knowledge. Has your team taken these 10 steps?
2 of 11

Hire a CSO
Naming or hiring a C-level executive with security expertise to oversee their physical and cyber security is a must for healthcare organizations. Adding security responsibilities to another executive's job description doesn't work: Security is too complex, too integral, and too fluid to be one of many tasks on a to-do list. Healthcare experience, while valuable, should not be the main priority. Executives knowledgeable in security will quickly pick up an organization's workflow, lingo, and criteria. It's much harder to glean security expertise on the job, experts say.

Smaller organizations without the infrastructure or resources to hire a CSO should consider outsourcing the job to a professional services firm that specializes in healthcare security. Make sure an attorney reviews the contract and that any prospective partner meets business associate requirements. Alternatively, organizations can hire a temporary CSO. These are security professionals with industry expertise who review the situation, create guidelines and roadmaps, and work for a contracted period, such as a year, said Brian Evans, senior managing consultant at IBM Security Services, in an interview last month.

Comments
Alison_Diana,
User Rank: Author
8/27/2014 | 2:57:15 PM
Re: So easy even a CEO can see it
Oh, absolutely, Henrisha! We've all made silly mistakes, I'd bet. It's one reason automation and rules are so important. Forcing users to change their passwords every X months, for example, and forcing them to use eight characters, including at least one capital, one number, and one symbol could well eliminate the potential of duplicating another site's password. That's just one example of using technology to override our natural inclination to take the easy way out and use the same Password123 for every single site we visit!
Alison_Diana,
User Rank: Author
8/27/2014 | 12:38:19 PM
Re: Healthcare security
Absolutely! It's one reason a CSO is so important. They should either be strong in governance or, depending on the organization, work with lead counsel on these efforts to ensure data policies and guidance are strong -- and followed.
Alison_Diana,
User Rank: Author
8/27/2014 | 12:37:03 PM
Re: CSO?
I can see why the thought of another c-level might appear unnecessary but who is responsible for security if not a CSO? The CIO? Well, the CIO already oversees everything IT -- and security isn't only tech-related. The CFO? Security should not be ruled by finance, otherwise money talks and security measures walk. The CEO? They have enough responsibilities already? And we know what happens when anything is ruled by committee! The problem with having a lower-level person rule security is it doesn't get enough visibility or leverage, and requests flounder. So I stick by that recommendation, a recommendation I picked up from many security professionals. And it's a great goal for security execs who aspire to the c-suite.
Alison_Diana,
User Rank: Author
8/27/2014 | 12:34:25 PM
Re: So easy even a CEO can see it
Exactly! Surely you'd want a chief SECURITY officer to be expert in security. Healthcare experience will come. This exec certainly is motivated to learn the ins and outs of the business -- and even if someone knows one hospital, each facility has its own nuances and workflows anyway!
Alison_Diana,
User Rank: Author
8/26/2014 | 3:36:35 PM
Re: Healthcare security
That's a great point. Hackers are less likely to be the culprits. It's much more likely to be employees, accidentally or on purpose. And as we've seen from breaches in both healthcare and other industries, all too often they occur because simple steps are not taken. Automating processes really helps; it eliminates the need for someone to remember to do something, always a good thing! 