Hospitals need to practice their security hygiene just like hand-washing



Three agencies, the FBI and the Departments of Homeland Security and Health and Human Services, issued a security alert for hospitals last week stating that they have credible evidence of an increased and imminent cybercrime threat to US hospitals and health systems. The call to action is for these entities to protect their network infrastructure from these threats immediately.


Two weeks ago, ransomware hit six hospitals that took their systems down. These six hospitals have openly shared the incident, but we do not know how many other hospitals were also affected. The following four routines should be fundamental to every healthcare institution.


Over-communicate

CIOs and CISOs must devote their effort to over-communicating the security announcements in the upcoming weeks, emphasizing organizational vigilance.

Christiana Care CISO Anahi Santiago worked hard on sending out multiple enterprise communications focused on situational awareness and calls to action for IT and hospital operations. She has also partnered extensively with her enterprise storage vendor on preparedness and response.


Backup appropriately

Health systems have invested a large portion of their budget in state-of-the-art backup automation tools. The key is to test the backups regularly and to practice restoring data regularly. The College of Healthcare Information Management Executives (CHIME) reminded its members about the 3-2-1 backup rule: ensure that you have three copies of your data (your production data and two backup copies) on two different media, with one copy off-site for disaster recovery.


Update and patch

Ensure that all servers, workstations, and security tools have the latest updates and patches. Prioritize the highest-risk areas and do not lose sight of the remote workforce. Organizations are promoting the virtual workforce, and that also means IT security will follow your employees as they shift their work environment and connect to your enterprise assets from anywhere.


Cyber insurance

Having a cyber insurance policy is a prerequisite for all healthcare organizations. Ensure that the insurance policy covers the different attack scenarios and, most importantly, as an institution, decide early on whether the strategy is to pay the ransom if attacked. The majority of healthcare CISOs prefer not to pay if the choice is theirs.


Hospital and health system leaders must emphasize the importance of information security with the same priority as handwashing. Organizations must also practice their downtime process routinely rather than as the typical once-a-year exercise. As clinicians work and live in the digital world, they may not remember or even know how to practice medicine during downtime using paper.



ABOUT David Chou

David Chou serves as the SVP/CIO for a public academic health system.  Chou has held executive roles with the Cleveland Clinic, Children's Mercy Hospital, University Of Mississippi Medical Center, AHMC Healthcare, and Prime Healthcare.  

David is a dynamic keynote speaker and industry commentator working with clients to transform their business models using technology. He has spoken around the world at healthcare tech-related conferences, including keynotes for leading industry events and intimate executive settings. Chou is also one of the most mentioned CIOs in the media and is widely quoted in outlets such as the Wall Street Journal, Modern Healthcare, HIMSS Media, ZDNet, CIO.com, Huffington Post, and Becker's Healthcare. David is an active member of both ACHE and HIMSS while serving on the board for CHIME.
