Healthcare News & Insights

3 strategies for meeting new cyberthreats

There’s a new cybersecurity threat that hospital leaders need to worry about, and the potential consequences could be huge. 

187104312Earlier this year, facilities were warned that the computer virus Heartbleed could expose their systems to online attacks from hackers. That warning turned out to be especially pertinent since hackers recently used Heartbleed to breach Community Health Systems’ PHI.

Now, the Health Information Trust Alliance (HITRUST) put out an announcement that a new vulnerability had been discovered in unix- and linux-based operating systems, as well as in Apple Macs OS X systems. And what’s worse, is that the group believes the new threat could trump Heartbleed.

The new bug, called Shellshock, primarily affects Bash, a common program that collects and interprets commands between programs in an operating system. When Bash starts up, Shellshock gives hackers an opportunity to break in and take over the program.

So far, no patches have fixed the Shellshock issue, so HITRUST is putting providers on high alert about potential cyber attacks, especially since medical records have become a top target for hackers. Hospitals will have to bolster their security efforts if they want to protect themselves from new cyberthreats, and the wave of government regulation and investigations that typically follow new threats.

Cyber security strategies

In order to help other providers develop effective, adaptable security plans, Ed Marx, Chief Information Officer (CIO) of Texas Health Resources, recently spoke on the subject at the HIMSS Privacy and Security Forum.

As HealthITNews reports, Marx outlined why security planning needs to begin with hospital leaders’ buy-in. He emphasized that compliance should be the foundation, not the finish line, for facilities’ security programs. In order to establish a culture of IT security and develop effective security programs, Marx recommended these three strategies:

  1. Remove barriers for CIOs and compliance directors. Leaders involved in health data security need a level of authority in your facility in order to impact operations.
  2. Give the chief information security officer a seat at the table. Once your facility has found a good fit for this position, ensure that he or she has access to other decision-makers in your organization for collaborations on and updates about programs.
  3. Form a security council with business and clinical leaders to plan proactively for breaches. Linking security and compliance leaders helps facilities evaluate and prioritize risks based on your facility’s operations and challenges. For Marx, his health system also utilizes a managed security service since the system doesn’t have the internal staff necessary to handle all its security risks.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.