by
John R. Fischer, Senior Reporter | March 06, 2018
Such an innovation enables enterprises to organize their security priorities, and protects them from legal repercussions, such as dealings with the Office for Civil Rights.
Providers should also utilize a variety of solutions to combat security threats, such as an IDS/IPS for detecting and alerting users to malware downloads, and application whitelisting for monitoring applications and preventing malware from being run.
The most important item though, if they can afford one, is a security information and event management (SIEM) software solution, which can analyze millions of security alerts in real time.
Kusche notes that while money and skill level can hinder the ability of a provider to protect itself, the main issue is the focus of many on meeting necessary requirements rather than ensuring their system is at its best for standing up to cyber attacks.
“What you do for compliance doesn’t mean that you’re an effective program. It just means you’re meeting the regulations. You’re checking boxes,” he said. “The challenge for us as professionals in health IT is how do we go from checking boxes to making sure that our programs are doing things that we want them to do. Where do we meet the intent? How do we get to the point where we stop looking at the boxes that need to be checked, or make that the first thing we do, and put them aside and then say, “How effective am I? How effective is our program?”
In addition, he advocates for greater documentation of systems and networks, more collaboration between providers and vendors on medical device vulnerabilities, such as patching issues, and greater reliance on information sharing organizations, such as state police, the FBI, and computer emergency readiness teams, as guides on cybersecurity matters.
Back to HCB News
