Leon Lerman, CEO of healthcare cybersecurity solution provider Cynerio, commented on the 2018 CHIME HealthCare’s Most Wired survey released last week, in which only 29 percent of healthcare organizations report having a comprehensive cybersecurity program in place.
Leon Lerman, CEO at Cynerio:
“CHIME HealthCare’s Most Wired survey stated that for most healthcare organizations, establishing a comprehensive cybersecurity program is a work in progress. The components of such a program include organizational aspects such as having a dedicated CISO or a board level committee that the cybersecurity team can report to. Other aspects of the program involve the reporting of security deficiencies, updates and progress. This requires more than just hiring security personnel and building a committee for them to report to. It’s more about the organizations’ ability to implement cybersecurity strategies and practices that are suited to the healthcare environment.
Healthcare IT is very different from other industries with regard to how cybersecurity works. Healthcare security teams often learn the hard way that if you try to “bolt-on” security in a healthcare IT network environment, you risk interfering with clinical operations which results in immediate push-back from clinical teams.
It is clear from the report that healthcare organizations need to ramp up their efforts to establish comprehensive cybersecurity programs, but it is also important that they take a healthcare-driven approach, or these efforts may be futile. For healthcare security teams to be able to report on cybersecurity deficiencies and mitigate risks, it is essential that they do this based on a good understanding of the healthcare IT environment.
A good place to start is by looking at connected medical devices. Medical devices are undoubtedly the most vulnerable assets in the healthcare IT environment and they are also typically the least understood by security teams. Security teams and clinical engineering need to work together to gain better visibility into the risks of connected medical devices in order ensure healthcare-driven security practices that are safe and effective.”