- Awareness training: “By now, everyone has heard that, ‘people are the new perimeter in security,’” Berger said, “yet, in my opinion, most healthcare organizations still invest only a fraction of their IT budgets in security awareness training. Perhaps it’s time for cybersecurity to be elevated to the same risk management equivalence as health and safety.”
- Technology: Scott and others say the right technology solutions can “detect insider threats, segment data according to identity and access, and automate cyber-hygiene.”
- Build security in: This will not happen quickly, but healthcare organizations need to start demanding that vendors of medical devices “incorporate security-by-design throughout the development lifecycle,” Scott said.
- Know your assets: “Not just the hardware, but the software, too,” Finn said, “and most importantly, where your data is and how it is being used.”
- Think like an attacker
- Stay up to date with patches of hardware, software and operating systems.
“Cybersecurity is not a fad or a trend,” Scott said, “and the healthcare sector needs to recognize its need for dedicated information security personnel and to begin aggressively recruiting talented professionals capable of monitoring and responding to the hyper-evolving threat landscape.”