Cybersecurity on a Budget
Budgetary constraints often make it difficult for some hospitals to protect highly sensitive health information. But infosec experts say organisations just have to be creative to find the best approach to meeting security needs in the absence of a bigger budget.
One option is to find a vendor that can advise on the needed technology and other security needs. It's important to look for vendors with a healthcare focus that are able to provide the necessary security evaluations. The vendor's job is to figure out what the hospital needs in a way that saves both time and effort.
The outsourced vendor will assess the hospital's EHR and other systems to see how things are connected and protected, and then determine what needs to be done to increase security, i.e., access control settings and backups, according to Diana Kelley, global executive security advisor for IBM Security.
They’ll also determine resources and how the organisation will work through those needs, either through a virtual CISO, part-time security employee or a local organisation that does outsourcing once a week or month. Kelley explained those needs are determined by the size of an organisation.
“At the end of the day, IT can run as a vendor-management function. But you need someone on site to manage outcomes and policies,” says Kris Lovejoy, CEO of security firm BluVector.
When hiring for the position, the hospital should evaluate its current technology and the role it needs to fill.
“What makes a good IT security specialist? A passion to learn and a desire to guard that data,” Kelley said. “In healthcare specifically, there are certain things the systems need to be able to run properly: the EHR needs certain things to run and medical devices need to be certified, amongst others. Healthcare needs a security person who understands these unique needs.”
Using these recommendations, a hospital can craft policies and training to help its staff understand the right way to do things that can limit the risk, explained Lovejoy.
All hospitals need to assign a group of people on site who are the security glue that holds the organisation together. Lovejoy said these employees – although not necessarily fully designated security staff – can manage and implement security needs, while measuring outcomes. Such employees can determine, for example, how long it takes to find a threat and shut it down.
To Kelley, it’s all part of the "new collar" positions coming into healthcare. These are employees within the organisation tasked with security, but with staunch healthcare backgrounds.
“It’s looking at security needs with a different approach,” Kelley noted. “It’s about getting creative.”
Source: Healthcare IT News
Published on: Tue, 1 Aug 2017