HIMSS has just released its 2016 Cybersecurity Study, and it’s no surprise that healthcare remains a huge target for cybersecurity breaches that continue to put patient data at risk. In fact, of the 150 respondents representing U.S.-based provider organizations:
80 percent of providers in 2016 admitted that their organization had experienced a recent “significant security incident”
Again, it is no surprise that healthcare providers are motivated to elevate information security as a business priority, given the pervasiveness of these security attacks and breaches.
This is a good start – but exactly how does an organization become “information security prepared”?
Some might say:
- by meeting HIPAA compliance
- by utilizing a number of information security tools
But these approaches barely scratch the surface. In an interview, Ron Mehring, Chief Information Security Officer at Texas Health Resources, shares his stance on information security:
“You need to have a great response plan and be prepared for that inevitable breach at the tactical and technical level, but also at the executive level. You need to make sure everyone understands that it could happen and have a plan.”
Have an Information Security Plan
This plan, as identified by Mehring, is generally part of the information security strategy developed by a CISO. But according to the 2016 HIMSS Cybersecurity Study, only 9% of the provider organizations surveyed had a CISO. Why is this percentage so surprisingly low when information security has been overwhelmingly identified as a high priority?
One of the key findings in the report clearly answers this question.
Barriers to elevating cybersecurity were the lack of appropriate cybersecurity personnel: 58% (acute), 62% (non-acute), and lack of financial resources: 50% (acute), 71% (non-acute).
This dual deficit, a lack of appropriate cybersecurity personnel and a lack of financial resources, could present significant challenges for an organization trying to nurture its information security health. In fact, without clear information security leadership and strategy, healthcare organizations are ripe for cyber-disaster. However, there is a solution that eliminates these barriers and can be implemented immediately.
Virtual CISO (vCISO) Meets the Needs of Healthcare
Orchestrate Healthcare announced in March 2016 the public launch of our Information Security (IS) Practice. As an integral component of this practice, our virtual or vCISO offering provides a flexible, affordable approach to healthcare organizations. Organizations can opt to retain a vCISO for just a few hours per month to ensure their security programs are on track, as opposed to hiring a security officer.
Organizations may realize savings of up to 80% over the cost of a full-time employee, with the added value that several information security experts will be available to your organization when needed.
Both barriers, the lack of appropriate cybersecurity personnel and the lack of financial resources, are eliminated!
Our Virtual CISO (vCISO) offering provides on-demand access to security consultants who can:
- facilitate a health check of your information security program
- implement a risk management strategy/model for all IT decisions
- develop sustainable programs that consider budget, culture and risk tolerance
- elevate your IT teams’ level of security expertise based on their extensive industry experience
- lead your IT teams and serve on IT committees (i.e. steering and/or governance committees)
As the 2016 HIMSS Cybersecurity Study concludes, “healthcare providers may greatly benefit from… a ‘whole of organization’ approach to cybersecurity.” If your organization could benefit from our robust Information Security team, or if our Virtual CISO is needed to make an immediate and impactful difference in your healthcare environment, we encourage you to give us a call at (877) 303-3377.
It’s not a question of IF the “bad thing” happens, it’s WHEN… Is your organization prepared to handle a breach?