Barry Herrin, principal at Herrin Health Law, says spending more money on security technology will only accomplish diminishing returns. Instead, hospitals should take a broader view of people and processes, implementing risk management frameworks such as NIST SP 800-53 and partnering with external threat groups such as InfoGuard and the FBI.

 Read our coverage of HIMSS Healthcare Security Forum in Boston.
⇒ Healthcare must move from risk to resilience, Tom Ridge says
⇒ Equifax hack: What cybersecurity pros are saying about the breach
⇒ Slow breach detection, patching, operational snags handcuff healthcare security
⇒ As hackers become more destructive, security needs an all-hands approach
⇒ Obama's cyber czar warns of 3 troubling security trends
⇒ Old legacy devices pose greatest security risk, experts say
⇒ VIDEO: Former DHS Secretary Tom Ridge on what hospitals can learn from intelligence community
⇒ VIDEO: Penn Medicine CISO Dan Costantino on cybersecurity resource allocation
⇒ VIDEO: How to prevent social engineering attacks? Education and communication are keys
⇒ VIDEO: Attorney clears up misconceptions about HIPAA, cyber insurance, BAAs