The pandemic has further exacerbated security risks and strained IT teams at healthcare organizations as they've increased their remote work and telemedicine, making them even more vulnerable to bad actors. So, what should healthcare IT leaders do to ensure they're not the next big news story?
OneNeck CISO, Katie McCullough, says, "Per the HIPAA Security Rule, the first step in identifying and implementing safeguards that keep healthcare organizations safe is to conduct a risk assessment. It's foundational in protecting electronic health information. At OneNeck, our approach is to evaluate a healthcare organization's current security capabilities against the Center for Internet Security’s recently published version 8 CIS Controls, and to provide an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of their electronic protected health information."
The Security Rule regulations addressed in this assessment are divided into administrative, physical, and technical safeguards.
- Administrative Safeguards:
  - Risk management process
  - Security personnel
  - Information access management
  - Workforce training and management
  - Periodic assessments
- Physical Safeguards:
  - Facility access and control
  - Workstation and device security
- Technical Safeguards:
  - Access control
  - Audit control
  - Integrity controls
  - Transmission security
Katie continues with, "As the most-targeted industry, today's healthcare organizations can't afford to not proactively address these critical security safeguards. There's just too much at stake. But don't go it alone. An experienced security partner like OneNeck can bring the outside perspective and deep industry knowledge that will help a healthcare organization identify their risks and prioritize a mitigation plan that will keep the bad guys out and keep sensitive patient information safe."
Want to talk to a OneNeck security professional? We're here to help.