ENLISTING KEY STAKEHOLDERS IN CYBERSECURITY STRATEGY: IT’S A TEAM EFFORT

BY MICHAEL ARCHULETA
CIO, HIPAA & Information Security Officer

Healthcare is the highest targeted sector in direct relation to cybersecurity. Cybersecurity attacks have the capability to bring productivity and operations to a complete stand still within any industry.

Healthcare is already lagging behind other industries when it comes to cybersecurity strategy, therefore, shutdowns can result in a debilitating precipice, halting operations, preventing critical access to medical records for emergency treatment and can cause loMT devices to be severely compromised.

With the progression and cutting edge implementations of technology, cybersecurity threats continue to escalate, while organizations demand better cybersecurity protections. Healthcare organizations must outlay a progressive increase in capital to secure their organizations against this ever-present threat of potentially disastrous attacks.

Getting Key Stakeholders at the Table

Healthcare organizations need to primarily ensure that their Chief Financial Officer and other stakeholders fully understand the growing financial impact of cybersecurity. As security tools become more efficient, executives may be tempted to lower their budgets in this area without fully grasping the full scope and magnitude of how badly a cyberattack would not only affect their day-to-day operations, but the organization’s long term financial stability.

Both consumers and investors are now beginning to evolve in their knowledge base and are demanding transparency around these protections. Incoming regulations are providing the means to deliver this visibility.

A few case in point issues that are occurring are directly related to the uncertainty of whether cyberattacks are actually being stopped, an inability to determine whether the organization is getting full value from its tech investments, and issues with communicating a clear picture of their security posture to the boardroom.

Healthcare organizations continue to be popular targets for cybercriminals with their wealth of personal health information. Organizations need to evaluate what seems to be beneficial and working well, and what is lacking and needing improvement.

A Sound Cybersecurity Strategy

Real-time protection, actionable intelligence and continuous assessment of security strategies are crucial to the success of your overall cybersecurity plan. Penetration testing is a critical element in incorporating your cybersecurity plan to keep your organization safe. Additionally, this allows you to obtain actionable intelligence to present to the board.

It’s crucial to obtain data and make the data equal true value. Data is now the most valuable resource in the world, with most businesses now using data to power their business opportunities and an integral part of forming a business strategy. W. Edwards Deming quotes “Without data you’re just another person with an opinion.”

We must utilize the data to create actionable intelligence and use it as a foundational building block in creating our story in regard to the importance of cybersecurity investments and utilizing the data to validate the effectiveness of our cybersecurity strategy.

Join the Discussion >

This article originally appeared on the LexisNexis – Risk Solutions Blog.

MICHAEL ARCHULETA
CIO, HIPAA & Information Security Officer
MT. SAN RAFAEL HOSPITAL

Recognized as a Top Hospital and Health System CIO to know and named a Rising Star in Healthcare, Michael is a cutting edge, innovative, visionary leader who possesses strong leadership skills with extensive experience and a proven track record of driving increased levels of productivity, profits, high integrity customer relationship skills and expert problem-solving approaches.

Michael currently serves on the advisory board for Prime Health and as a technology advisor for Self Care Catalyst. He is also an active member of the College of Healthcare Information Management Executives, a cybersecurity advisor to several healthcare startups and an active Speaker within the field of Health Information Technology.