New issue offers insights to build cybersecurity strategy to protect healthcare data

Like other data-driven organizations, healthcare networks are vulnerable to potentially crippling cyberattacks - but may lag behind other sectors in preparing for and avoiding data breaches, according to a series of articles and commentaries in the Fall issue of Frontiers of Health Services Management, an official publication of the American College of Healthcare Executives (ACHE). This journal is published in the Lippincott portfolio by Wolters Kluwer.

"Cyberattacks pose a real threat that all healthcare leaders and boards can and must address with strategic plans of action to prevent vulnerabilities, minimize risk, and respond to incidents when they do occur," writes Frontiers Editor Trudy Land, FACHE, in an introductory editorial.

Preventing Cyberattacks: 'In Cybersecurity, Everyone Is a Stakeholder'

The new issue highlights two feature articles in which healthcare executives share their insights and experiences with building an effective cybersecurity strategy to protect valuable but vulnerable healthcare data. Dennis W. Pullin, FACHE, of Virtua health system in Marlton, N.J., emphasizes the importance of process improvements and team culture. At Virtua, "Cybersecurity is a team effort," Mr. Pullin writes. "From board trustees to frontline employees, everyone is held accountable for protecting the organization against cyberattacks."

Michael J. Reagin and Michael V. Gentry, FACHE, of Sentara Healthcare in Norfolk, Va., discuss the role of enterprise cybersecurity - walking readers through the essential integration of people, process, and technology involved in building a world-class cyber defense program. The authors write, "Partnering with a managed security services provider to build the key components of a program, rather than developing them completely in-house, can reduce costs and provide a higher level of expertise."

In a commentary, Dane C. Peterson and colleagues of Emory Healthcare in Atlanta point out that the costs of cyberattacks include real risks to patient safety and quality of care. One study reported a significant increase in a hospital's 30-day mortality rate for acute myocardial infarction, lasting for years after a cyberattack. The authors highlight key components of the cybersecurity strategies outlined by the feature articles:

  • Third-party risks - ensuring that vendors are also taking cybersecurity seriously
  • Value of multifactor identification in limiting "both the likelihood and impact of data breaches"
  • Staff training (and follow-up) in recognizing phishing scans and protecting passwords
  • Effective security staffing models, including the importance of internal and external collaboration
  • "Cyberleadership" and culture, including engagement of senior leaders in a cybersecurity oversight committee
  • Governance and financing challenges, including the role of a Board-level IT committee

Additional commentaries share perspectives from an insurer (Sean P. Murphy, FACHE, of Premera Blue Cross in Washington and Alaska) and a healthcare IT expert (Carla Smith of the Healthcare Information and Management Systems Society, Chicago).

The editors and contributors hope that the cybersecurity-focused issue of Frontiers will increase awareness of the vulnerability to cyberattacks at every level of the healthcare system. "Through organization-wide training, leaders can raise critical security consciousness, explain the various threats, develop and disseminate policies and procedures, emphasize the severe consequences of an attack, and convey shared responsibility," Trudy Land writes. "In cybersecurity, everyone is a stakeholder."

Source: https://wolterskluwer.com/

Comments

The opinions expressed here are the views of the writer and do not necessarily reflect the views and opinions of News Medical.
Post a new comment
Post

While we only use edited and approved content for Azthena answers, it may on occasions provide incorrect responses. Please confirm any data provided with the related suppliers or authors. We do not provide medical advice, if you search for medical information you must always consult a medical professional before acting on any information provided.

Your questions, but not your email details will be shared with OpenAI and retained for 30 days in accordance with their privacy principles.

Please do not ask questions that use sensitive or confidential information.

Read the full Terms & Conditions.

You might also like...
Remote interpreting raises concerns about communication quality in healthcare