WEDI Releases Healthcare Cybersecurity White Paper Outlining Best Practices to Mitigate Risk | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

WEDI Releases Healthcare Cybersecurity White Paper Outlining Best Practices to Mitigate Risk

March 20, 2017
by Heather Landi
| Reprints

The Workgroup for Electronic Data Interchange (WEDI) has issued a cybersecurity white paper examining health IT vulnerabilities and how stakeholders can mitigate risk in the wake of record data breaches striking the healthcare industry.

WEDI, a Reston, Va.-based nonprofit organization focused on the use of health IT to create efficiencies in healthcare information exchange, developed the white paper, entitled “The Rampant Growth of Cybercrime in Healthcare,” which can found here, in order to examines common vulnerabilities that are typically exploited by cybercriminals in today’s healthcare environment, as well as best practices healthcare organizations can implement to mitigate these vulnerabilities.

According to the paper: “As the use of health IT becomes more widespread, cybersecurity must be more directly integrated into the fabric of healthcare and ultimately become an organizational asset that is perceived as commonplace and mission-critical as hygiene and patient safety procedures have become to quality care. No matter how high the walls that any one organization is able to erect against cybercriminals, the healthcare industry at large must coalesce as a united front to more collectively address how to implement a universal culture of cyberdefense and train a more resilient workforce to mitigate threats.”

Stemming from topics discussed at multi-stakeholder cybersecurity roundtables convened in November 2015 and April 2016 by WEDI and sponsored by Fortinet, the 15-page document outlines how cybercrimes are more commonplace in the healthcare landscape given the high value of digital health records which have “attracted organized crime and government-sponsored entities that in turn are capable of launching sophisticated attacks to disrupt, disable, destroy or maliciously control digital technology and data of organizations. As cybercrimes have become more prevalent and complex in healthcare, they are also causing greater damage.”

In light of the cybersecurity challenges identifies, roundtable participants identified the following best practices for mitigation to the industry, as explored in the white paper:

1.       Drive a cultural change in how cybersecurity is approached in healthcare, beginning with raising awareness to educate stakeholders around the risk and cost of cyberattacks;

2.       Build the business case for cybersecurity and move it into the executive suite;

3.       Develop cybersecurity frameworks that provide a robust, forward-facing roadmap to protect organizations in a changing environment; and

4.       Apply lessons learned from other industries.

Some additional key highlights from the white paper include:

  • It is critical for organizations to assess their current approach to cybersecurity, understand potential adversaries that they may encounter and identify the vulnerabilities that may be targeted before developing a comprehensive and robust strategy to effectively detect, mitigate and prevent cyberthreats across multiple fronts
  • In 2016, the leading causes of reported data breaches in healthcare were unauthorized access (40 percent) and hacking (33 percent), while theft and loss of data actually saw a decrease in the number of incidents
  • Of the current cyber threats that compromise data today, healthcare organizations are most concerned by ransomware (69 percent), phishing attacks (61 percent) and negligent insiders (55 percent) which can often be the most difficult to prevent and protect, given the human elements involved.

 

 

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

CMS Exploring Potential Behavioral Health Payment and Care Delivery Model

The Center for Medicare & Medicaid Services (CMS) plans to hold a one-day summit in September to solicit feedback and ideas for a potential behavioral health model to improve access, quality and cost of care for beneficiaries with behavioral health conditions.

MEDITECH to Soon Offer CommonWell Health Alliance Services to Customers

MEDITECH, a Westwood, Mass.-based electronic health record (EHR) vendor, has announced that it is set to offer CommonWell interoperability services early next year.

HITRUST CSF Certification Now Includes NIST Cybersecurity Certification

HITRUST has announced that HITRUST cybersecurity framework (CSF) version 9 enhancements now extend an “assess once, report many” approach as a standard security framework for multiple critical infrastructure industries and includes National Institute of Standards and Technology (NIST) Cybersecurity certification.

Premier: Analytics Helping Hospitals Optimize Blood Use

An analysis of 645 hospitals revealed that comparative data analytics to drive performance improvement has the potential to optimize blood use across numerous diagnoses.

Almost 80 Percent of Clinicians Still Use Hospital-Issued Pagers

A study examining the communication technologies used by hospital-based clinicians found that close to 80 percent (79.8 percent) of clinicians continue to use hospital-provided pagers and 49 percent of those clinicians report they receive patient care-related messages most commonly by pager.

Survey: IT Expenses per Physician Continue to Rise to Nearly $19,000

Information technology (IT) expenses for physician practices are on a slow and steady rise for most practices, and last year, physician-owned practices spent between nearly $2,000 to $4,000 more per FTE physician on IT operating expenses than they did the prior year, according to a recent Medical Group Management Association (MGMA) survey.