HHS CISO: 3 things hospitals should do right now to strengthen cybersecurity

Originally posted in Healthcare IT News, Tuesday, September 12th, 2017

By Tom Sullivan, Editor-in-Chief

BOSTON — Health and Human Services chief information security officer Christopher Wlaschin said there are three steps that hospitals should be taking today to bolster their security posture: join forces, treat your patching report like your profit-and-loss report and, at the very least, consider multifactor authentication.

“If you have the ability, then jump into the NH-ISAC,” Wlaschin said here at the Healthcare Security Forum on Tuesday. “They can help. It’s not just compliance, it’s also about preparedness and resilience.”

Several speakers, including former Homeland Security Secretary Tom Ridge and President Obama’s cybersecurity coordinator Michael Daniel, also recommended that infosec professionals participate in the NH-ISAC, which stands for the National Healthcare Information Sharing and Analysis Center.

UMC Health System information security officer Phil Alexander added that it’s not just the ISAC. Other options include the NIST and HITRUST frameworks, FBI and other listservs, and InfraGard.

Wlaschin’s second suggestion is to treat your patching report like a P&L — because it’s really that important to a hospital’s bottom line.

While the key performance indicators healthcare CEOs commonly consider include bed count, revenue, and compensation from CMS, to name just three, Wlaschin said the patching report should be among those KPIs.

If you cannot do either of those, then at a bare minimum Wlaschin advised deploying multi-factor authentication.

It’s no secret that many hospitals still struggle with budget constraints that inhibit them from joining an ISAC or even implementing multi-factor authentication technologies...
