Hospitals and healthcare providers of all kinds and sizes are targets of
- cybercriminals stealing money and data, and
- extortion schemes, such as ransomware.
Cybercriminals might also target health organizations to cause social disruption by trying to shut down services and eroding public confidence.
Combating cyber threats when dealing with limited resources and efficiency demands can be a challenge. It’s crucial for people at all levels of a healthcare organization to understand the roles they play in protecting the organization, patient and stakeholder information and critical systems. Building a culture of cybersecurity in the workplace – especially a health organization that handles a great deal of sensitive personal information – is critical to being resistant, resilient and able to manage and mitigate cybersecurity risk.
The National Cyber Security Alliance (NCSA) is proud to partner with HIMSS to educate health organizations about how they can promote a safer, more secure and more trusted internet. NCSA was excited to be an Endorser of HIMSS17 and hosted a panel discussion on creating a culture of cybersecurity from the boardroom to the break room. Participating in the session with NCSA were JoEllen Frain, senior manager of risk management communication in the Mayo Clinic’s Office of Risk Management, and Lance Spitzner, director of the SANS Institute’s Securing the Human project.
The panel came about as part of NCSA’s and HIMSS’s longstanding partnership to make cybersecurity resources available across the healthcare ecosystem. HIMSS is an official partner of STOP. THINK. CONNECT.™ – the global online safety education and awareness campaign – and a regular Champion of National Cyber Security Awareness Month and Data Privacy Day. Online safety is a shared responsibility, and partnerships like the one we have with HIMSS are key to wide-scale dissemination and promoting a culture of cybersecurity at every health organization and beyond. We applaud the work HIMSS has done in the health IT security education space.
All organizations need a starting point to proactively protect their employees, patients and intellectual property. So, what can you do to protect your organization – and the people you serve – and build a culture of cybersecurity?
Build a cybersecurity program following these five steps that serve as the core of the National Institute of Standards and Technology (NIST) Cybersecurity Framework:
- Identify your digital “crown jewels”
- Build protections of your core assets
- Be able to detect if a cyber incident is taking place
- Have a plan for responding
- Have a plan to recover normal operations
Here are a few free resources that can help you foster a culture of cybersecurity at all levels of your health organization:
- Tip Sheet: Practical Tips on Safeguarding Information for Healthcare Organizations
- Infographic: Healthcare Organization’s Guide to Keeping Information Safe and Secure
- Infographic: Everyone is a Privacy Champion – 2017 Healthcare Organization’s Guide to Safeguarding Information
- Infographic: Creating a Culture of Cybersecurity from the Break Room to the Boardroom
- Infographic: Privacy is Good for Business
- NIST Cybersecurity Framework
Want to stay up to date on online safety, security and privacy awareness year-round? Sign up for our newsletter and check out the HIMSS Privacy & Security Library and our websites – staysafeonline.org and stopthinkconnect.org – for the latest tips and resources.