In our last post on Future Healthcare Today, we covered some of the recommendations made by the Healthcare Industry Cybersecurity Task Force within their recent Report on Improving Healthcare Industry Cybersecurity. The Task Force was put together in order to analyze and asses the current cybersecurity landscape within the healthcare industry and make recommendations for improvement. Today, we’ll cover the remaining findings from the Task Force. Continue reading to find out what they are.
Improve cybersecurity awareness and education. The Task Force believes an educated workforce and informed public is essential. To achieve this, they have recommended that trade and professional associations develop education campaigns so CISOs and security leaders can communicate with executive level leadership and Boards of Directors about the value of cybersecurity initiatives and funding. In addition, the Task Force has found that there is currently a lack best practices among healthcare systems. As such, they recommend that healthcare organizations collaborates with government and industry partners to develop campaigns that will increase healthcare cybersecurity awareness and literacy among health care providers, patients, and IT professionals.
Identify ways to protect research and development efforts from cyber attacks. The healthcare sector is consistently one of the biggest investors in R&D across the U.S. which creates an increase in threats of intellectual property and trade secret theft. The Task Force recommends an evaluation of the potential economic impact, reputational damage, loss of intellectual property, and other cybersecurity risks for healthcare R&D. Big data in the healthcare industry presents a unique set of challenges due to the size, valuable insights, and the volume of patient data handled by these systems. Entities that manage big data solutions should ensure that a detailed risk assessment is performed at frequent intervals and should be careful when determining what data is collected, retained, or deleted.
Improve information sharing of industry threats, weaknesses, and mitigations. The Task Force discovered there are diverse information needs among the large number of stakeholders involved in healthcare delivery. As such, information and guidance needs to be streamlined for quick and efficient consumption by all providers. The Task Force found that many organizations have incident response plans in place, but very few review their plans on a regular basis, so they should be regularly reviewed or tested put the healthcare industry at risk. Finally, the industry should implement cybersecurity incident response plans, which are reviewed and tested annually.