BOSTON \u2014 Chief information security officer of Health and Human Services Christopher Wlaschin said to strengthen their security posture there are three steps that hospitals should be taking today: join forces, treat your patching report like your profit-and-loss report and, at the very least, consider multifactor authentication.<\/p>\n
If you have the capability, then jump into the NH-ISAC,\u201d here at the Healthcare Security Forum on Tuesday, Wlaschin said. \u201cThey can help. It\u2019s not just compliance, it\u2019s also about preparedness and resilience.\u201d<\/p>\n
Many speakers including Tom Ridge, former Homeland Security Secretary and Michael Daniel, President Obama\u2019s cybersecurity coordinator also recommended that InfoSec professionals participate in the NH-ISAC, which stands for the National Healthcare Information Sharing and Analysis Center.<\/p>\n
Phil Alexander, UMC Health System information security officer added that it\u2019s not just the ISAC. Other options also include the NIST and HITRUST frameworks, FBI and other listservs, Infragard.<\/p>\n
Wlaschin\u2019s second recommendation is to treat the patching report like a P&L \u2014 because it\u2019s really significant to a hospital\u2019s bottom line.<\/p>\n
Whereas collective key performance indicators, healthcare CEOs, consider are bed count, revenue, and compensation from CMS, to name just three, Wlaschin said the patching report should be among those KPIs.<\/p>\n
Wlaschin advised deploying multi-factor authentication at a bare minimum, if you cannot do either of those.<\/p>\n
It\u2019s not a secret that several hospitals still struggle with budget limitations that obstruct them for joining an ISAC or even implementing multi-factor authentication technologies.<\/p>\n
Bryan Fiekers, Senior Director of Research Services HIMSS Analytics said that according to the latest Healthcare IT and Risk Management Study, participating hospitals assign 6 or less percent of their IT budget to InfoSec. And despite that\u2019s the fact that more half of IT shops own risk management within the hospitals.<\/p>\n
HIMSS Analytics found the main drivers of security investments to be risk valuations and HIPAA audits by HHS Office for Civil Rights Fiekers added.<\/p>\n
Fiekers further expressed \u201cThose two are the cornerstones for IT security investments and that\u2019s true across all the categories of people we interviewed, the business, clinical and IT, Everyone\u2019s in compliance on compliance.\u201d<\/p>\n
HIPAA compliance is of course an obligatory baseline for securing patient\u2019s data. Wlasich\u2019s three tactics to employ right now build on that.<\/p>\n
Wlaschin further said \u201cOnly together will we make the healthcare sector more robust, the tide raises all boats. Together we\u2019ll address the problem, take care of the people who don\u2019t have the resources, make ourselves less susceptible to attack and more able to provide the patient care we are capable of giving.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"
BOSTON \u2014 Chief information security officer of Health and Human Services Christopher Wlaschin said to strengthen their security posture there are three steps that hospitals should be taking today: join forces, treat your patching report like your profit-and-loss report and, at the very least, consider multifactor authentication. If you have the capability, then jump into the […]<\/a><\/p>\n","protected":false},"author":19,"featured_media":11673,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[436],"tags":[513,140,534,164,541,542],"class_list":["post-11672","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cloud-based","tag-ehr","tag-ehrnews","tag-emr","tag-emrfinder","tag-emrnews"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/posts\/11672","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/comments?post=11672"}],"version-history":[{"count":0,"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/posts\/11672\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/media\/11673"}],"wp:attachment":[{"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/media?parent=11672"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/categories?post=11672"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emrfinder.com\/blog\/wp-json\/wp\/v2\/tags?post=11672"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}