How to create a hospital cybersecurity framework

As cyberattacks on the healthcare industry increase in intensity, hospitals and healthcare providers must establish a cybercentric framework.

For providers who don't have such a framework in place, Christopher Paidhrin, security administration and integrity manager in the compliance division of Pacific Northwest-based PeaceHealth, says it is important to do two things: Create a spreadsheet that can stimulate ideas and don't forget about business associates and vendors, including the flow of information into and out of the organization is imperative.

A good security risk template to consider is the National Institute of Standards and Technology's cybersecurity framework, he writes at HealthcareInfoSecurity.

Through his experience with cybersecurity, Paidhrin says he learned that being agile and proactive is very important, as is having early detection of threats and rapid response to attacks.

Providers, according to Paidhrin, should also start small: "Do something today that makes a difference tomorrow," he says.

In addition, he says organizations should communicate and pool their information to better help one another prepare for and prevent attacks.

NIST, in November, created draft guidelines to help organizations share information during and after a cyberattack.

"By sharing cyberthreat information, organizations can gain valuable insights about their adversaries," Christopher Johnson, lead author of the guidelines, says in an announcement. "They can learn the types of systems and information being targeted, the techniques used to gain access and indicators of compromise."

In addition, the Health Information Trust Alliance says it will include privacy controls in version seven of its Common Security Framework.

To learn more:
- read the post