Having simple protections in place is key to keeping health data safe, says Jackson Health System Chief Information Security Officer Connie Barrera, but often the complexity of cybersecurity can make organizations forget about the basics.
Barrera outlines some of those tried-and-true policies in a post at HealthsystemCIO.com. They include:
- Yearly testing. An outside provider should test systems and programs for vulnerabilities at least once a year, she writes; such a provider can also bring a fresh perspective to the table.
- Monthly vulnerability scanning. Having a simple scanning solution to check for issues is an “extremely viable” resource, she says. This will help organizations easily see risks and have the ability to quickly fix them.
- Consistent IT employee training. Barrera says often it’s assumed that IT people know how to deal with every kind of issue, but that’s not necessarily true. “The business should not leave competence to chance,” she says. “[O]rganizations can’t send every single person to training, but we need to do a better job in this area.”
Rick Kam, president and cofounder of ID Experts, told FierceHealthIT in May that lax cybersecurity often boils down to the issue of accountability.
“Someone has to take responsibility to make sure risk assessments are done and there has to be follow-through on the appropriate investments to make sure data is secure,” he said. “Organizations are making investments, but they seem not to be making them in a way that’s reducing the problem.”