Topics In Demand
Notification
New

No notification found.

Managing healthcare cybersecurity in 2020 pt.2
Managing healthcare cybersecurity in 2020 pt.2

258

1

It’s widely accepted that healthcare has lagged behind other industries when it comes to cybersecurity, and that the industry needs to close the gap. Thankfully, healthcare managers can use standards to build resilience across diverse cybersecurity fronts simultaneously. Let’s start with the bigger picture.

In order to develop an effective security-specific strategy, healthcare leaders are able to examine their wider organizational standards strategy, across all operational aspects. This can help to ensure a reliable foundation on which to build (for example looking at pillars like ISO 9001, the internationally recognized quality management standard).

With the fundamentals covered, the next task for healthcare leaders could be considering the development of a formalized  cybersecurity policy – one which goes far beyond simply backing up data and frequently testing network security to identify potential gaps (although these remain important).

Managers can use the global information security standard ISO/IEC 27001 to create and implement a bespoke management system, and then ISO/IEC 27002 to develop guidelines that meet international standards. This may also help large healthcare institutions remain agile and responsive in the face of an incident or data breach.

Cloud-based services and storage policies will make up a significant portion of any wide-ranging security protocol. ISO/IEC 27017 provides enhanced controls for providers and customers. It clarifies roles and responsibilities to help make cloud services as secure as any other part of the healthcare IT estate.

A robust cybersecurity policy could be considered vital for decentralized systems, with users spread across several geographical locations or campuses. They should detail all security procedures, processes and responsibilities for staff – both for routine best practice and emergency protocols. It should underline the need for an ‘ever vigilant’ mindset which must be present across every healthcare organization.

A vital strand of any ISO/IEC 27001-based plan is the correct management of patient healthcare data and medical records. ISO 27701 helps healthcare leaders control this personal information. It outlines how to establish and run a privacy information management system (PIMS).

Consideration should also be given in the wider policy to the increasing prevalence of personal device use amongst staff, for routine work and administration. It needs to clarify exactly what’s acceptable, and what responsibilities users have (as well as which applications they can use and where specific risks lie).

Building and maintaining resilience to cyberattack will be always an ongoing, incomplete, process. It’s about building the right culture of awareness and responsibility across all management and staff, because healthcare leaders are fighting a constantly evolving threat. A standards-based approach is the most powerful means of organizational defense – optimizing the balance between efficient daily operation and appropriate protection.

Blog by BSI Group


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


BSI enables people and organizations to perform better. We share knowledge, innovation and best practice to make excellence a habit – all over the world, every day.

© Copyright nasscom. All Rights Reserved.