Cybersecurity is every healthcare organization’s main line of defense against breaches and other data compromises. Every healthcare organization is challenged by cybersecurity risks, which exist inside and outside the organization. Fortunately, there is a way to prepare for and defend against these events with appropriate planning and design of the cybersecurity program. Three key ingredients compose this plan: people, processes and technology. However, these elements are not mutually exclusive. Rather, these elements work in tandem with one another. Additionally, organizations can reach across externally for assistance and expertise, as needed, to ensure that their cybersecurity programs are robust and the best they can be.

People: All Hands on Deck to Protect and Defend
According to the 2015 HIMSS Cybersecurity Survey, nearly two-thirds of respondents indicated that a lack of appropriate cybersecurity personnel was a barrier to mitigating security incidents. Additionally, cybersecurity personnel play a key role in managing risk at an organization. Some organizations may have sufficient expertise in-house and thus may not need to outsource, except in unusual or exceptional situations (e.g., a sophisticated cyberattack resulting in a massive breach). Other organizations, however, may lack sufficient numbers of cybersecurity personnel or may lack cybersecurity personnel who can perform certain tasks or functions (e.g., penetration testing). Whether it is a lack of personnel or expertise, many healthcare organizations find outsourcing solutions to fulfill these needs.

The HIMSS Innovation Center is enabling stakeholders to come together to address vital needs for health system architecture. A new in-person resource – the HIMSS Cybersecurity Command Center – will debut on October 20, 2016. The interactive, Cleveland-based experience will help individuals understand, prepare, fight cyber threat and avoid data breaches as key requirements for any stakeholder.

Processes: Cybersecurity in Action
Processes are the glue that binds the people to the technology in cybersecurity. If the appropriate processes are not in place, significantly adverse consequences can result. In fact, a lack of appropriate processes can lead to a haphazard and inconsistent approach to assessing and managing risks. In turn, a healthcare organization’s defenses may be weak because of many unaddressed vulnerabilities.

Processes need to be finely tuned to an organization’s needs and requirements by being part of a written plan. The plan serves as a blueprint for the organization’s cybersecurity program, and should be tested and validated regularly. It outlines what gets done, when and how – and, specifically, who the players are, what the processes are, what technology is used and how it is used. The plan also includes contingencies to address a manmade or natural disaster, such a hacking incident or a hurricane. Further, the plan is a living and breathing document that changes with shifts in personnel, processes and new or different technology.

Whether healthcare organizations need to build or improve upon their security plans, OnX Enterprise Solutions helps them adopt and implement security frameworks and establish best practices. It also can review and provide expert input on an organization’s processes, with an eye towards helping secure the entire health IT ecosystem. This includes considerations for mobile medical devices, electronic health records and the data within.

Technology: Tools to Identify, Detect, Protect, Respond and Recover from Security Incidents
The mainstays of many healthcare organizations’ cybersecurity technological solutions, including firewalls and anti-virus software, have been around for many decades. Meanwhile, the threat actors have become quite sophisticated and their tactics quite advanced. In the face of this new reality, healthcare organizations must evolve their technology solutions to include and, indeed, embrace more advanced solutions. For example, intrusion prevention systems, data loss prevention solutions, security information and event management systems are robust solutions organizations need today. These tools help secure the information technology environment at all stages: identifying, detecting, protecting, responding and recovering from security incidents.

Malware is constantly evolving and can be relatively difficult to detect – stealth malware is becoming increasingly common. Upon detection of new malware, an organization’s staff are alerted and the scope of compromise is identified. This includes information on how the malware spread through the network environment, whether any personally identifiable information or protected health information has been compromised, among other topics. Detecting malware is one thing; stopping the spread is another.

Before an attack: Profile the network to understand what needs defending – the who, what, where, when and how. This is being visibility driven. It is essential to accurately see what’s really happening in the environment to understand what is typical and what constitutes a threat. Visibility needs to come from the network fabric, endpoints, mobile devices, virtual environments and the cloud. The more organizations see in their networks, the more they can correlate this information and apply intelligence to understand context, make better decisions and take action – manually or automatically.

During the attack: When attacks do get through, detecting them, understanding them, blocking them and defending the environment against them is the priority. Policies and controls are important to reduce the surface area of attack. In this environment of advanced malware and zero day attacks, it is an on-going process that requires continuous analysis and real-time security intelligence, delivered from the cloud and shared across all products for improved efficacy.

After the attack: Invariably attacks will be successful. In such instances, healthcare organizations need to be able to determine the scope of the damage, contain the event, remediate and bring operations back to normal. Continuous network monitoring and analysis are gold standard security solutions to record, understand and apply what is being “seen” in the network.

Threats to patient and healthcare information change rapidly. Healthcare organizations must remain vigilant and rely on state-of-the-art technological solutions to better protect, detect and defend their information from unauthorized users and entities.

How to Get from Here to There
Cybersecurity is a rapidly growing and dynamically changing field. It appears to be a maze. And, while not an easy endeavor, it can be manageable with the right people, processes and technology – and with help and assistance from experts, when needed.

Healthcare organizations must now quickly grow their capabilities in cybersecurity, especially given the sharp rise in cyberattacks in recent years. All organizations need to agilely adapt to this new terrain; no one is immune to compromise. The risk to safety, security and trust are too great. The healthcare community must continuously learn and collaborate with one another to become more resilient for the industry as a whole and to protect patients, the ultimate benefactors. In so doing, the Global Center for Health Innovation will be the spark for collaboration, learning and discovery along the healthcare cybersecurity journey.

Perspectives in Healthcare in a joint publication developed by the tenants of the Global Center for Health Innovation in Cleveland, Ohio.