Experts interviewed by RPP recommended a variety of strategies to stay ahead of evolving security threats this year, particularly as the COVID-19 pandemic winds down and threats from highly capable bad actors ramp up.
The best approach to cybersecurity now is a more agile approach, said David Harlow, chief compliance officer at Insulet Corporation. “One way of framing this is ‘design thinking’—delving into the need in front of us at the moment, engaging in rapid prototyping and creative idea generation.”
To explain this, Harlow said he uses an analogy that’s been used in communicating how to protect against COVID-19: the Swiss cheese approach. “What does this mean? It means that we need many layers of protection (many slices of cheese),” he said. “Each slice may have a hole or two in it, but the holes don’t line up, so the effect of all the slices stacked up together is that there are no holes that run from the top of the stack through to the bottom. More concisely: The perfect is the enemy of the good. Each slice needs only to be good. If we wait for each slice to be perfect, we’ll still be waiting a year from now.”
Roger Shindell, founder and CEO of Carosh Compliance Solutions, said he expects training and general security awareness to be the most important HIPAA security issues this year. In response, health care entities should conduct online and in-person training on the latest threats and how to respond to them appropriately, he said. “Entities should also focus on defining HIPAA to employees and building that directly into their day-to-day culture.” Shindell lists three top priorities for health care entities to address: