Rick Spatafore of Sentinel Technologies discussed the foundational people, process and technology controls that should be in place to secure the healthcare environment. Many of these controls are often overlooked in favor of the latest vendor driven trend in cybersecurity. Organizations need to be able to identify where data resides, how it flows across their infrastructure, the risks posed to their data and develop an understanding of what is normal in their environment.
Discussion included a review of the controls (based on the NIST Cybersecurity Framework v1.1) and how to establish and mature the healthcare security program. Learning objectives include demonstrating how to begin developing a cybersecurity strategy. Additionally, organizations with established cybersecurity strategies will learn to mature their security programs by focusing on lowering risk to their organization and data.