Security is an issue in every market and every industry, with healthcare as no exception. At the RSA Conference this week, RSA President Amit Yoran spoke about the future of security.
Some of his suggestions, according to an article at Health Data Management, include:
- When it comes to advanced protections, malicious actors will "find ways over, under, around and through. Many of the advanced attacks last year did not even use malware as a primary tactic," he said. Duncan (Oklahoma) Regional Hospital Vice President and Chief Information Officer Roger Neal told FierceHealthIT in February that there is no such a thing as a completely secure system anywhere. "And with the high volume of work in healthcare to meet all of our current regulatory requirements, the industry is struggling with security," Neal said.
- Identity and authentication "matter more than ever."
- Use threat intelligence as a resource. "It should be operationalized into your security program and tailored to your organization's assets and interests so that analysts can quickly address the threats that pose the most risk," Yoran said. A planned cyberattack simulation last April by CyberRX revealed that the healthcare industry needs to better engage stakeholders in their preparedness plans and to be more open about best practices to help the industry as a whole improve.
- Know what matters most at your organization. A company must know what is important to the business and what is "mission critical," Yoran said.
At West Virginia United Health System, assistant CIO Mark Combs said the system's first step in security is to take a hard look at its policies, ensuring alignment with "the culture that we wanted to develop at our institution." Afterward, he said, he and his team set clear expectations for staffers systemwide.
Yoran echoed those sentiments, stressing that security breaches are everyone's responsibility.
"This is not a technology problem," he said. "This is a mindset problem."
To learn more:
- here's the article