30 Dec Healthcare Data Sharing and Cybersecurity: A Vital Alliance
In today’s interwoven world, every minute can make a difference in either preventing an incident or responding to an event that affects a country’s critical infrastructure. The U.S. Department of Homeland Security (DHS) identifies 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the country that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. Of these, the healthcare and public health sector is a key element, and it is vital to share accurate information quickly so as to contribute to the security and strength of the national community.
It is indispensable for the security and safety of the health sector, and of stakeholders within the sector, to share information about current threats (e.g., physical, biological, cyber, or otherwise), events that have occurred, and what modifications were made to reduce negative impact. This data will thus provide a clear projection of what health entities can do to bolster their cybersecurity. Cybersecurity budgets are still lacking, with typically 6% or less of the information technology budget allocated for this purpose. Relatively few healthcare organizations are pursuing end-to-end security risk assessments, so many risks remain unaddressed. Data sharing can be the turning point in providing the situational awareness and preparation that are key for all organizations that wish to have a proactive security posture.
In order to stay ahead of a threat, information must be shared in an accurate, timely, and effective manner. For example, organizations may share information about phishing campaigns they have experienced in order to warn others about them. Phishing is typically the initial bait for significant security incidents. Both targeted phishing (spear-phishing) and general phishing are equally effective for infiltrating healthcare organizations. Since many healthcare organizations are dependent upon technology, robust cybersecurity is a must. Healthcare organizations should devise plans for upgrading or replacing legacy systems, conducting end-to-end security risk assessments, enhancing cybersecurity awareness and training programs, and increasing budgets. Healthcare data sharing will provide a map of how to effectively introduce the right cybersecurity for each individual healthcare need.
FPV & Galíndez knows that patient lives depend upon the confidentiality, integrity, and availability of data, as well as reliable and dependable technology infrastructure. When there is proper preparation, your business can prevent needless concern over potential security threats. Our experts have the tools your organization needs to fully prepare and face cybercriminals. Get in touch with one of our professionals, who is ready to assist you and inform you further about services that can benefit your business.
About the author: Wilfredo Vera Pujols, CISA, CDPSE
A skilled consultant in the areas of Internal Audits and Compliance, Vera holds a BBA in Information Services from the University of Puerto Rico Mayaguez and a Master’s in Computer Sciences from the illustrious Polytechnic University of Puerto Rico. He has used his excellent preparation in the last 3 years of his specialty in Auditing and Consulting, Internal Controls, and SOX for our diverse clientele. His major clients include Evertec, Triple S of Puerto Rico, and Banco Popular, to name a few. We are sure that this ISACA member, along with the expertise of FPV & Galíndez’s skilled Consulting Department, will provide strategic solutions for any IT and Cybersecurity needs your organization may have.