Three years ago, most healthcare boards of directors knew more about online video games than online security. Now they’re paying very close attention to cybersecurity, especially the boards of for-profit health systems.
What used to be viewed as an operational issue is now a trustee responsibility because of the likelihood of lawsuits following a data breach. Boards across the U.S. want to avoid the headaches recently experienced by Target and Wyndham in the wake of well-publicized breaches.
There were four shareholder derivative lawsuits filed against 13 of Target’s directors and officers following its big breach in November 2013. They’re being sued for breach of fiduciary duty and waste of corporate assets, among other things. These cases have been consolidated and are still pending.
Wyndham dodged a bullet last year when a similar shareholder derivative suit was dismissed, but that decision has been appealed.
Fortunately, there’s an excellent resource from the Institute of Internal Auditors Research Foundation titled "Cybersecurity: What The Board of Directors Needs To Ask." Its authors single out six questions as particularly important:
- Does our organization use a security framework?
- What are our top 5 risks (ranging from the proliferation of BYOD and smart devices to the outsourcing of critical business processes to third parties)?
- How are we educating our employees about their roles related to cybersecurity?
- Are both external and internal threats considered when planning/monitoring our cybersecurity program?
- How is security governance managed within our organization?
- In the event of a serious breach, has management developed a robust response protocol?
While it’s likely that we’ll see more CIOs and CISOs serving on healthcare boards in the future, the IIA report encourages all board members to get actively involved in cybersecurity initiatives. The report’s concluding words are, "Cybersecurity is no longer an agenda item for IT; it is an agenda item for the board as well."
Another great resource for hospital boards is the American Hospital Association’s "Cybersecurity and Hospitals: What Hospital Trustees Need To Know About Cybersecurity Risk and Response."
If trustees would simply read and use these two reports, healthcare organizations across America would be on the proactive path to protecting the security and privacy of their information assets. Do you trust your trustees to take the necessary action?