Safeguarding against new cyber threats

Posted: Nov 13, 2014

The threat of cyber attacks is a very real concern for healthcare industry leaders.

Earlier this year, headlines were dominated by Heartbleed – a security bug which compromised users’ personal information by allowing attackers to access protected information via vulnerable versions of OpenSSL software.

The latest headline threat comes in the form of Shellshock. Shellshock, also known as Bashdoor, is a family of security bugs that primarily affect Bash, the Unix command shell that many systems use to interpret and process requests between software components.

The bug allows attackers to gain unauthorized access to a computer system in order to steal confidential information.

Shellshock has the potential to compromise millions of systems, which is why it has been compared to the Heartbleed bug in severity.

With medical records a top target for hackers, healthcare industry leaders are on high alert when it comes to cyber attacks, and this latest threat only emphasizes the importance of having a robust cyber security strategy in place.

At the HIMSS Privacy and Security Forum, hosted in Boston last month, Ed Marx, CIO of Texas Health Resources, spoke about the importance of leadership.

Marx said he realized some time ago that Texas Health’s security was not at the level it needed to be, and that the key to improving it was getting buy-in from senior board members.

Part of getting this buy-in was reminding them that compliance should be an absolute minimum requirement within an organization, with security being the main objective.

“We had [previously] existed just to meet compliance,” Marx said. “But if all you do is meet compliance, you’re in a whole lot of trouble when something happens from a security perspective.”

Marx went on to reference some key points behind a security-on-top-of-compliance approach. Here is a summary of the points made:

Give CISOs the authority they need

Responsibility is worthless without authority. CISOs (Chief Information Security Officers) must be in a position – both territorially and authoritatively – to educate decision makers within an organization.

Form a security governance council

It is crucial that an organization is able to plan for security breaches and prioritize risks. It is therefore important to have a clear chain of command, including senior business and clinical leaders, that links security and compliance to executive leadership.

CIOs must take the lead

Responsibility should lie with the CIO (Chief Information Officer) when it comes to filling leadership gaps. Such responsibilities should include:

  • Ensuring ownership and accountability for cyber security within the organization.
  • Breaking down barriers between compliance and security staff.
  • Allowing appropriate funding for security needs.
  • Ensuring the organization is fully prepared for a security breach.

For further advice regarding the sharing and safeguarding of sensitive information within your healthcare organization, speak to us today.