Printer Friendly, PDF & Email

Tackling health IT challenges with a proven risk management strategy

Gerry Blass (gerry@complyassistant.com) is President and CEO at ComplyAssistant in Iselin, NJ, and Jason Tahaney (jason.tahaney@comop.org) is Director of Technology at Community Options Inc. in Princeton, NJ.

Whether we want to believe it or not, healthcare data breaches are prevalent throughout the industry. Even more alarming, an evaluation of recent cyber and ransomware attacks indicates that the size or type of healthcare organization is immaterial to would-be attackers. Hospitals, clinics, long-term and elderly care providers, dental and optometry practices, plastic surgeons, and medical testing facilities have all experienced cyberattacks since 2016.[1] In fact, a Ponemon Institute study cited that 89% of healthcare organizations have experienced a data breach.[2]

Malware, ransomware, phishing attacks, third-party vendor negligence, insider fraud, improper data access and disposal—all common sources of data breaches—can wreak havoc on a health system’s daily operations, negatively affect patient care, and threaten the safeguarding of protected health information. Ransomware attacks, one of the fastest-growing cybersecurity threats, are expected to quadruple by the end of 2020.[3]

In this article, we will use this analysis of the current healthcare cybersecurity landscape to:

  • Explore the most threatening risks in healthcare information technology (IT) and cybersecurity;

  • Discuss the critical role of a chief information security officer (CISO) in developing and maintaining strategic direction;

  • Identify the essential components of a comprehensive risk management strategy required to protect healthcare organizations from common security and compliance inconsistencies; and

  • Apply real-life strategies—including governance, oversight, data analysis, and field observation—to identify and respond to risk, maintain transparency, set budgets, and effectively track risk registries, assessments, and the mitigation process.

This document is only available to members. Please log in or become a member.