Healthcare cybersecurity preparedness: Why it must start at the top

Too often, security is seen as a technology rather than an initiative that should start at the top, according to a new AT&T report "What Every CEO Needs to Know About Cybersecurity."

Threats are pervasive and the stakes high, yet 75 percent of corporate boards are not involved in cybersecurity oversight, it states.

It's among a flurry of reports warning about cybersurity risks--and that healthcare lags other industry sectors in preparedness. Healthcare has received poor marks recently on device security, application security and third-party risk management.

Healthcare is a valued target because of its stores of personal information and a workforce with little security savvy and who are too busy to gain that knowledge, according to the new report, which cites the street value of stolen medical information at $50 per record, compared to $1 for a stolen Social Security number.

What's more, there's a considerable market for pharmaceutical and technology intellectual property, according to the report; after all, it's much cheaper to steal information than to perform research and development.

It outlines the risk created by new technologies including the Internet of Things; Big Data, cloud computing; mobile devices and bring your own device practices; and shadow IT--when employees use unapproved devices and software.

Best practices recommended for addressing both internal and external threats include:

  • Strengthening security foundations such as access privileges, particularly when someone leaves
  • Making security everyone's responsibility
  • Training of users
  • Enforcing the rules
  • Managing rather than banning shadow IT

To learn more:
- find the report (.pdf)