The American Health Management Association (AHIMA) has issued a direction to assist healthcare companies to create a thorough and good cybersecurity strategy.
In the direction, AHIMA describes that healthcare companies should create, apply as well as maintain a company-wide structure for administering information over its full lifespan, from its formation to its secure and safe disposal – Called information governance (IG).
Like the Protenus/Databreaches.net periodic healthcare data breach accounts indicate, healthcare data breaches are now happening at a pace of over one a day. With the danger of attack more than ever earlier, it’s necessary that healthcare companies create an IG plan.
Vice President, Information Control, Informatics, Security and Privacy at AHIMA, Kathy Downing, describes that IG is now crucial in an atmosphere where cyberattacks are experienced by healthcare companies daily.
Downing mentions the June 2017 statement from the Healthcare Industry Cybersecurity Taskforce (HCIC) that says, “Information governance contains not only security and IT shareholders, but also information shareholders, nonclinical and clinical leaders.” HCIC described, “Control of information moves the attention from expertise to processes, people, and the plans that create, use, and administer the information and data needed for treatment.”
To assist healthcare companies, create, apply, and maintain a good IG plan, AHIMA has created its bit by bit manual, which contains 17 steps healthcare companies can take to finalize a cybersecurity program.
The AHIMA IG Adoption Model™ tackles processes, people, as well as technology and is based on ten skill areas, including security awareness and adherence, legal and regulatory requirement, IT and data governance, enterprise information management, and privacy and security.
By creating and keeping up a cybersecurity program, healthcare companies can develop their safeguards against cyberattacks and avoid expensive data breaches.
The 17 measures to create a complete cybersecurity program are:
- Carry out a complete, company-wide risk investigation of all systems and applications
- Accept health record retention like a cybersecurity problem
- Patch all susceptible computer systems and keep operating/software systems advanced
- Position innovative endpoint recognition systems in addition to standard antimalware/antivirus apparatuses
- Encrypt data on smartphones, workstations, tablets as well as portable media
- Improve identity controls and access management
- Use web screens to obstruct bad traffic
- Apply mobile device administration
- Develop an event reaction plan
- Check audit notes for signs of possible attacks
- Apply intrusion discovery systems
- Evaluate BAs
- Use a third-party company to carry out infiltration tests
- Conduct phishing simulation exercises and improve anti-phishing controls
- Make a ‘State of the Union’ kind demonstration for an organization’s directors on cybersecurity
- Ally and adopt a ‘Defense in Depth’ plan
- Identify and avoid intrusions
Developing and applying a cybersecurity strategy is only the beginning. The risk landscape is continuously changing, and healthcare companies’ IT infrastructures, software, and hardware frequently modify. It’s therefore vital to revise and revisit the cybersecurity strategy, as suitable, at least every quarter to make sure it remains effective and comprehensive.
The AHIMA direction is accessible for download here.