In 2012 then FBI-director Robert Mueller observed: “There are only two types of companies: those that have been hacked, and those that will be.” Health organizations deploying multiple IT applications must be aware of the dangers IT security poses and review their security policy regularly.

Healthcare is the most vulnerable sector when it comes to data security. This industry works fueled by personal healthcare data regarding every patient. At some point this data is inevitably digital, business leaders must address cybersecurity concerns. IT security is not a goal, but an ever-changing battle where players are constantly changing. These players are new technologies, new data and sophisticated adversaries.

So, what cybersecurity strategy should a healthcare company pursue?

Prioritize Threats

Find the most vulnerable IT systems in your company and protect them first. Identify, prioritize, and manage risk relative to its potential impact on mission-critical operations so that you can balance security needs against cost and risk considerations, designing an enterprise solution that secures your people, facilities, processes, and technologies.

Compliance is not security

Regulation is mostly about compliance, but this does not equal IT security. Of course, your organization needs IT security to comply with the existing rules.

Develop a cybersecurity policy

Develop a cybersecurity policy, and update this strategy quarterly. Implement and enforce this policy.

Be proactive

New players are continually defining the changing cybersecurity landscape. Always review your business goals, take in consideration new IT threats and new IT systems when you update your cybersecurity policy.

Don’t forget, train your colleagues

Don’t forget, your colleagues are an active part of your IT cybersecurity strategy. Teach them about new technologies, explain them, why a particular business process is designed that way, and why it needs a secure execution. Update them regularly about new threats, social engineering scams, data leak points. Establish rules of behavior describing how to handle and protect patient information and other vital data. Update and refresh your colleague’s IT security knowledge.

Develop a communication strategy for a crisis, and rehearse it

Even if a robust IT security infrastructure is in place, the staff is trained, and you are proactively reviewing your policies, cybersecurity incidents may occur. Develop a disaster communication scenario, describe thoroughly the flow of information and necessary steps to avoid financial loss and what is even worst reputational damage.

Author: Zoltan Mathe