6 Things Healthcare Execs Should Do to Prepare for Cyber Threats
In addition to delaying care, ransomware can compromise patient data, damage information systems, and hurt an organization's reputation.
"The cleanup can cost a lot," he says.
Leinonen offers insights to hospital and healthcare system leaders about how to be as prepared as possible for cyber threats. Six points for leadership to consider are:
- Define organization-specific goals to improve security and develop a practical plan.
- Prioritize resource allocation, including money and people power. (The 2017 HIMSS Cybersecurity Survey found that 71% of the organizations included in the survey allocate specific budget toward cybersecurity. Additionally, 80% of IT leaders said their organization employs dedicated cybersecurity staff).
- Conduct real-life exercises and drills that consider overall organizational response and what the clinical workflow would be in the case of an attack (including the chance of reverting to a paper workflow).
- Create a complete and detailed inventory of assets that are connected to the hospital networks. "It's probably near impossible to tackle it unless you know the types of assets that are in your organization and what they're used for," Leinonen says.
- Involve everyone in the organization, which can be as small as reminding everyone not to click on suspicious emails. "It requires a collaboration in the org; this is not just an IT headache," Leinonen says. "This is something where every department in the facility can contribute to the overall security posture."
- Institute a plan for identifying when software updates are available, confirming whether a device can be safely updated, and applying the updates in a timely manner.