Banner

Article

Not If, But When, You’re Hacked

Cyber security has become as important as washing your hands. Passing on a virus in either situation can have catastrophic consequences.

At a recent Health IT conference, a few hospital chief information security officers talked the about the present state of HIT cybersecurity and offered some observations.

Here are the headlines:

1. You will be hacked. It is just a question of when and how you mitigate the damage.

2. Firewalls don't work.

3. HIT is 10 years behind other industries, like financial services, but hopefully we can learn from the mistakes others made so it won't take 10 years to catch up.

4. You need a security operations center.

5. Most chief information security officers (CISOs) don't have specialized training in cybersecurity and there needs to be higher standards.

6. Having a state-of-the-art cybersecurity capability requires money, leadership support and the right processes.

7. Big medicine cybersecurity solutions are not applicable to small medical practices. However, most small practices can protect themselves with basic interventions and outsourcing.

8. Behavior analytics can help detect chronic offenders.

9. HIT cyberattacks often go unnoticed for many months. By that time, a lot of damage has been done.

10. Don't negotiate with cybercriminals.

11. You need an in-house team to respond to incidents but you can outsource monitoring.

12. HIT is being hit because that's where the money is and the pickings are easier since financial services got better at stopping hackers.

13. You need a crisis management plan in the event of a cyberattack.

14. We are not training enough people in HIT cybersecurity.

15. Independent practices affiliated with large hospital systems represent a challenge, particularly when using different systems.

16. As the Internet of Things gets bigger and interoperability becomes more of a reality, there is more to attack.

17. “Share but protect” is becoming harder.

18. Most cyberattacks happen because doctors and other staff members open phishing mail with viruses, malware, and ransomware. They need continuous monitoring and education.

19. Cybersecurity has moved from the basement to the boardroom.

20. Most security information officers get paid to say “no.”

Whether you are a small, independent practitioner, independent but affiliated with a large system, or an employed physician in a large system, cyber security has become as important as washing your hands. Passing on a virus in either situation can have catastrophic consequences.

Related Videos
Victor J. Dzau, MD, gives expert advice
Victor J. Dzau, MD, gives expert advice
Related Content
© CW Advisors LLC
October 9th 2024

3 cornerstones young physicians need for a strong financial foundation

VIDEO: The Costs of EHR
April 15th 2015

VIDEO: The Costs of EHR

healthy diet concept: © aamulya - stock.adobe.com
February 9th 2024

How to guide patients to healthy eating habits

VIDEO: The Challenges of EHR Adoption
April 14th 2015

VIDEO: The Challenges of EHR Adoption

physician doctor team taking morning coffee break: © everythingpossible - stock.adobe.com
December 22nd 2023

Fixing a broken heart; dry powder vaccines; Surgical Barbie – Morning Medical Update

physician doctor hands with morning coffee: © kwanchaichaiudom - stock.adobe.com
December 21st 2023

Youth movement against cholesterol; hospital coffee machines as bacteria havens; HHS takes aim at poor maternal health - Morning Medical Update