It’s Always Sunny in Philadelphia
Healthcare Informatics, an online publication, hosts a series of Health IT Summits across the country. We just returned from the Philadelphia conference, where we had many opportunities to network with industry experts and IT professionals. Our team benefited from gaining more knowledge about specific IT security challenges. In the Great Bay Software booth we found enthusiastic interest in our products and solutions. Friday sessions were solely focused on cybersecurity, and we found that the keynote and panel speakers were speaking directly to the business challenges that we aim to help solve for our clients.
Do You Have a Security Framework?
One panel in particular, “Practical Tips for Creating a Cybersecurity Framework that Meets Your Privacy Standards”, resonated with many attendees. Long title – but true to its description. A quick rundown of the “do’s” and “don’ts”:
- Don’t rely on “checkbox compliance” alone. It will not maximize your security.
- Don’t simply march towards HIPAA compliance – it’s not enough.
- Do have annual technical and non-technical risk assessments and conduct penetration testing.
- Do allow for self-assessments and audits.
- Don’t allow your security strategy to stagnate. The constantly changing threat landscape requires a framework that can evolve and adapt.
- Do conduct IT security workforce development to build up the required skills. Train the incident response team deeply so they are ready immediately if an attack/breach does occur.
- Don’t keep employees in the dark. Make sure they are trained and know how to respond if something goes wrong – either through internal errors or external attacks.
- Do maximize your funding by creating models that demonstrate how security investments are being controlled and managed. Inform your CIO about the threats your spending targets and the expected results.
- Finally, do leverage existing models, such as those from CIS and HITRUST, to create your model and framework.
What’s Important? What’s Enough?
A constant theme was how much security is enough and how to address security without interrupting workflow. While 0% risk is never going to be possible, evolving technologies and applications – such as IoMT – require innovations in security solutions.
Another hot topic at the Health IT Summit was the importance of understanding your organization’s top risks and top assets. For many security professionals, their biggest security threats were medical devices and personal email. Take note that the #1 CIS security control is the inventory of authorized and unauthorized devices.
Great Bay Software is focused on tackling security risks in the healthcare segment. Our Beacon Software Suite enables you to know and trust what’s connected to your network. Learn how our solutions can discover, profile and control all of your endpoints – and become a key part of your security framework.