AHIMA Issues Cybersecurity Plan for Healthcare Organizations | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

AHIMA Issues Cybersecurity Plan for Healthcare Organizations

December 18, 2017
by Heather Landi
| Reprints

Cyber attacks against the healthcare industry are growing at an accelerated pace, and to help healthcare organizations strengthen their cybersecurity programs and defend against a cyber attack, the American Health Information Management Association (AHIMA) recently released a 17-step cybersecurity plan.

AHIMA notes that Information governance (IG)—the development of an organization-wide framework for managing information throughout its lifecycle and supporting the organization’s strategy, operations, regulatory, legal, risk and environmental requirements—is a critical organizational initiative that healthcare organizations must embrace in order to thrive in the environment of cyber threats and attacks in healthcare today. Once information governance program is created and implemented, a cybersecurity plan needs to be reviewed at least quarterly to ensure the organization is taking the necessary steps to prevent or detect an attack.

The 17 steps that ANIMA recommends as part of a complete cybersecurity plan are:

  1. Conduct a risk analysis of all applications and systems
  2. Recognize record retention as a cybersecurity issue
  3. Patch vulnerable systems
  4. Deploy advanced security endpoint solutions that provide more effective protections than standard antivirus tools
  5. Encrypt the following: workstations (high-risk) and laptops; smartphones and tablets; portable media and backup tapes (if tapes are still being used)
  6. Improve identity and access management
  7. Refine web filtering (blocking bad traffic)
  8. Implement mobile device management (MDM)
  9. Develop incident response capability
  10. Monitor audit logs to select systems
  11. Leverage existing security tools like Intrusion Prevention System/Intrusion Detection System (IPS/IDS) to detect unauthorized activities
  12. Evaluate business associates
  13. Improve tools and conduct an internal phishing campaign
  14. Hire an outside security firm to conduct technical and non-technical evaluations
  15. Prepare a “State of the Union” type presentation for an organization’s leaders on cybersecurity
  16. Apply a “Defense in Depth” strategy
  17. Detecting and preventing intrusion


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.

Kibbe to Step Down as CEO of DirectTrust

David Kibbe, M.D., M.B.A., announced he would step down as president and CEO of DirectTrust at the end of the year.