As Ransomware incidents have spread throughout healthcare, CISOs of hospitals have been under increasing pressure to safeguard the security and privacy of patient and other data at their facilities.
But a recent report from ICIT has shown that CISOs now have to deal with an avalanche of information from IT security vendors touring for business and not all of it is helpful or even accurate.
In many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget, said ICIT. "They are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organisation.”
While trying to secure solutions that are the most
economical CISOs are drowning in sales spiels by vendors claiming to have the
security solutions to a hospital’s problems.
See Also: Improve Cybersecurity: Fire CEOs?
The report points to the fact that in the past five years,
more than 1,200 cybersecurity start-ups companies have been funded with $7.3
billion. With the competition so tough, many make promises they cannot keep
regarding healthcare IT security.
In an aim to keep development costs at a minimum, these fledgling companies attract CISOs to try out “minimally viable” products and garner responses in a form of market research before refining the tools for wider release.
"The process often nets the CISO a discount and occasionally results in a customized and refined solution to the cybersecurity problem," said ICIT. "However, every time a CISO discovers that the adopted vendor solution is unreliable, they must either adopt or develop a replacement solution."
The stress faced by CISOs contributes to the average 17-month turnover in the professions, ICIT added.
Source: Healthcare IT News
Image Credit: Pixabay