Duration: 5 min. read
Content and Document Management, Electronic Health Record (EHR), Electronic Medical Record (EMR)
Beyond COVID-19: Security in the news
By Jennifer Marshall, Director, Technical Product Management, Healthcare Technology Analytics Solutions
This is the second article in a series on topics inspired by a focus group discussion among members of CHIME (College of Healthcare Information Management Executives) about strategies used to adapt during the pandemic.
Healthcare organizations are the guardians of protected health information (PHI), and security has always been paramount to protect data and prevent identity theft. Breaches stemming from the pandemic and ransomware attacks have accelerated investments in security. Throughout the remainder of 2021 and beyond, digital transformation and cybersecurity will continue to be important to organizational strategies to help ensure hospitals and health systems stay ahead of threats.
CHIME recently shared a fact sheet of free government resources available to victims of compromise as well as best practices on how to better protect the healthcare technology system infrastructure.
Security resource roundup
At Quest Diagnostics, we are committed to the privacy and security of personal information. I recently asked our Security Risk and Compliance team to share some available resources to keep informed about cybersecurity and healthcare. Below are additional sources that can enable healthcare professionals to keep up with the latest cybersecurity news, trends, and leading practices for the healthcare industry.
|Bitpipe.com||The enterprise IT professional’s guide to information technology resources. Browse this free online library for the latest technical white papers, webcasts and product information to help you make intelligent IT product purchasing decisions.|
|The Cybersecurity & Infrastructure Security Agency (CISA)||Works with partners to defend against today’s threats and collaborate to build more secure and resilient infrastructure for the future.|
|Health Information Sharing and Analysis Center (H-IASC)||A community of critical infrastructure owners and operators within the Healthcare and Public Health sector (HPH) with a mission to enable and preserve the public trust. The member organization seeks to advance the global health sector’s cybersecurity and physical security protection and resilience and enable the ability to prepare for and respond to threats and vulnerabilities.|
|The US Department of Health and Human Services (HHS) Cybersecurity Act of 2015 (CSA) 405(d) Aligning Health Care Industry Security Approaches program||Provides a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity.|
|The International Association of Privacy Professionals (IAPP) Daily Dashboard||Provides privacy and data protection news from around the world.|
|The Office for Civil Rights (OCR)||Provides 2 listservs to inform the public about health information privacy and security FAQs, guidance, and technical assistance materials.|
|National Cybersecurity Center of Excellence (NCCoE)||Part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges.|
|The National Institute of Standards and Technology cybersecurity and privacy activities||Seeks to strengthen the security of the digital environment. NIST’s sustained outreach efforts support the effective application of standards and best practices enabling the adoption of practical cybersecurity and privacy.|
|The National Law Review||Online edition seeks to capture legal trends and news as they first start to emerge.|
|The New Jersey Chapter of ISACA||One of more than 220 chapters around the world that connects information systems governance, control, risk, security, audit/assurance, business, and cybersecurity professionals and enterprises.|
|The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC)||The state’s one-stop shop for cybersecurity information sharing, threat intelligence, and incident reporting. Acting in a cyber fusion center capacity, the NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness.|
|SANS AtRisk||Provides a weekly summary of newly discovered attack vectors, vulnerabilities with active new exploits, insightful explanations of how recent attacks worked, and other valuable data.|
|SANS NewsBites||A semiweekly executive summary of recent cybersecurity news articles. Each news item is annotated with important context provided by respected subject matter experts within the SANS community.|
|SC Media||Shares industry expert guidance and insight, in-depth features and timely news, and independent product reviews in partnership with and for top-level information security executives and their technical teams.|
Staying updated and implementing cybersecurity best practices can help reduce vulnerability to cyber attacks or help reduce the impact of an incident. Watch for the next topic in this series, which will discuss cloud-based data management.
Disclaimer: The information contained in this blog post is provided solely for informational purposes and is not intended to be specific guidance or advice.