There is an ever-increasing number of threats to healthcare information. Healthcare information is more valuable and more visible than ever and, at the same time, more vulnerable than ever. You feel responsible for its security, and as the CISO you are responsible for it. Conducting a comprehensive, bona fide risk assessment is an effective first step in building credibility with the executive team and the board, and therefore in building the business case for cybersecurity investment in your organization. In addition to conducting the risk assessment, you should:
- Find a sponsor on the executive team who can act as a sounding board on risk appetite, on whether the supporting information is sufficient and understandable, and on your recommendations for mitigating risks.
- Build a cross-functional team to help identify and respond to threats and vulnerabilities, including representatives from every function that has access to protected health information (PHI) or is involved in the procedures for granting or terminating access to PHI.
- Change the language you and your team use from “compliance and information security” to “patient safety and quality of care”; these words resonate far more with the CEO and the other functional leaders you will want on your side.
Read the entire article at Healthcare Informatics.
By Bob Chaput