Ransomware top concern for health IT, security execs - is it yours?
Is security in your top 3 - 5 initiatives and concerns for your business as you enter 2017?
If not, it should be - especially if you are in the Healthcare industry. As we continually point out here on our blog, the state of IT Security, and more importantly attention and awareness towards IT security, in healthcare continues to be abysmal. The majority of folks continue to ignore the issues, or simply don't think they are as important in the grand scheme of all that is important in their business. At the same time there are many who get that this is an issue, but simply don't know what to do or how to do anything about the problem.
Ransomware and malware attacks rank as the top cybersecurity concerns for hospital IT and security executives who responded to a survey jointly unveiled Thursday by the College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS). In particular, survey respondents indicated they worry most about data exposure, but said that poor authentication was the most common vulnerability. Malware and ransomware were listed as the most common exploits by the 190 CHIME and AEHIS members who participated in the survey.
This particular statement rings true to us as we deal with clients in the healthcare industry:
Most executives said that because security is not looked at as a patient care or quality of care issue, business strategy did not drive security strategy.
Remember, you cannot take a rifle shot approach! Security is an integrated component of IT strategy which should be aligned with business strategy. If there is no awareness and integration, then you have islands with no bridges. This means there is no interconnectedness, no speed at which decisions and responses can be made because the critical linkages are missing. When considering IT security, consider IT alignment with your business strategy. If you have no strategy, then at least begin to create alignment with the executive team and/or board room so that IT is not acting independently. When you have an incident, and when data is breached, rest assured the entities who investigate, the entities who prosecute and the entities who are affected will care deeply that you didn't care enough at the highest levels of the organization to take the measures needed to protect your organization, and their data.
Let's get serious about this!