Did you decide that 2019 will be the year you tackle those cybersecurity threats to your organization that keep you up at night? It’s February, and a good time to take stock of whether your organization is following through on its cybersecurity goals. Some estimate that 80% of resolutions fail by the second week of February. Looking at the calendar—the odds may be against you. But, do not despair. New guidance may be the answer to tackling the daunting task of identifying risks to your organization and developing strategies to mitigate them—particularly if you are among the many operating in the health care field.
The Department of Health and Human Services (HHS), in partnership with industry leaders, recently released voluntary cybersecurity guidance aimed at offering practical strategies to cost-effectively reduce the risks associated with specific, common cybersecurity threats. Ransomware? Email phishing? Attacks against connected medical devices? Not surprisingly, those are among the topics covered.
Recognizing that health care organizations of varying sizes are susceptible to different cybersecurity threats and possess different resources to combat them, the guidance has one volume specifically tailored to fit the needs of small health care organizations, and one volume directed to medium and large organizations. The guidelines also contain a number of resources and templates, including a “Practices Assessment, Roadmaps, and Toolkit,” to help health care organizations implement improved cybersecurity practices. And, although it is directed to the health care field, this practical guidance may be applicable to common threats in other industries as well.
HHS recognizes that the health care industry relies on “the digitization of data and automation of processes to maintain and share patient information” in order to deliver patient care efficiently and effectively. Health care technology leaves health care organizations vulnerable to significant risks for the potential of high-impact cybersecurity attacks on their computer systems and the protected health information (PHI) they house. Cybersecurity incidents not only place sensitive information at risk, they also have the potential to affect patient care, disrupt operations, and threaten patient safety. Failing to address cybersecurity can be costly, both in terms of an organization’s bottom line and the reputational damage that may follow a breach. HHS estimates that data breaches cost the United States health care system $6.2 billion in 2016 alone.
So, even if it wasn’t among your resolutions this year, there is never a bad time to start assessing and improving your health care organization’s cybersecurity defenses.
The new HHS cybersecurity guidelines are available here. If you need help with your privacy and data security needs, we invite you to contact us.