From the January/February 2022 issue of HealthCare Business News magazine
Five pillars of security
Cybersecurity can often be seen as the elephant in the boardroom for many reasons, one of them being the difficulty of explaining cybersecurity risks and concerns to those who are not technical. However, the fact of the matter is that the C-suite and boardroom must play an active role in any organization's cyber accountability. By breaking down cybersecurity into 5 pillars people security, physical security, data security, infrastructure security (networks, cloud, applications, third parties, fourth parties, business associates), and crisis management – IT teams can help leadership teams from all sectors understand the need and necessity for security at all levels. Cyber accountability isn’t a concern strictly for IT teams. These 5 pillars set out to demystify the complex technical and legal landscape of global regulation.
Leadership buy-in
Getting the approval of a board or executive leadership team is a difficult process. There are more concerns than just cybersecurity when it comes to deciding whether to implement a solution. We’ve already discussed the cost (which can be addressed through cost-effective solutions) and the C-suite’s lack of IT knowledge (which the 5 pillars of security can demystify), but there is also the issue of regulation. In the last few years, we’ve seen governments at both the local and national level implement various standards and guidelines about how organizations must conduct business. With regards to the healthcare industry, there is GDPR in the EU, and HIPAA in the United States. These compliance frameworks are just the beginning. As technology evolves, so will the requirements for keeping data safe. Failure to comply can result in hefty fines, such as in Portugal, where a hospital was fined 400,000 euros for failure to comply with GDPR.
When it comes to making decisions about risk, cybersecurity, and whether the cost justifies the means, leadership teams must be aware of the heavy arm of the compliance side of the industry -- and the risks they face if they fail to comply. While compliance does not equate to security, it’s a great foundation to build upon.
Final remarks
The cyber world as we know it is changing, especially in the healthcare industry. There are IoT devices and both new and old software that healthcare workers and patients rely upon to ensure that everything is being done to offer the best type of service. But what happens if these technologies get compromised? Leadership teams across the globe need to proactively ensure that best cybersecurity standards are being followed and they need to be concerned with the notion that no matter who you are, you may become a target.
