One thing seems certain, according to just about every security expert interviewed and the companies publishing research studies: next year is going to see more cyber events. And there is a growing concern that institutions have just as much to worry about from indirect attacks as they do from deliberate attacks. The Dyn DDoS event was a great demonstration of this point. Many healthcare organizations lost access to their hosted EHR, their web presence and other web-based applications even though they were not the intended target. The threat is real and continues to expand to all things connected. In order for healthcare organizations to be ready, leadership needs to ask five questions:
1. Do we have a comprehensive cybersecurity strategy based on an adequate security framework?
2. Do we have enough and the right resources, internal and/or external, to adequately address cybersecurity?
3. Are we spending enough to create the proper balance between security and operations?
4. Are we assessing our program thoroughly, appropriately and objectively?
5. Does our security readiness meet the litmus test for reasonableness?
Determining the answers to those questions, and addressing the issues they bring up, will be tremendously important, as the threats to patient care organizations inevitably continue to accelerate this year.
Mac McMillan is founder and CEO of the Austin, Tex.-based CynergisTek consulting firm.