Cybersecurity is a hot topic, especially with the dramatic increase in telehealth visits due to the pandemic. According to Healthcare IT News, the rapid implementation of many telehealth services without the proper security configuration is causing a surge in cyber attacks. No matter what vertical or industry you serve, managing cybersecurity risk is, or should be, a major priority.
Merriam-Webster defines cybersecurity as “measures taken to protect a computer or computer system (as on the internet) against unauthorized access or attack.” The depth of cybersecurity needs varies based on the size and scope of the organization and the level of privacy regulations required by the industry.
Two industries that come to mind as requiring a heightened level of security are finance and healthcare. In the financial world, protecting clients against unauthorized access to their financial information assets is paramount. Healthcare organizations have a responsibility to protect patients and their protected health information (PHI). Both industries have stringent compliance regulations to ensure they are conscientious about keeping private information and accessibility secure.
In 1996, the Department of Health and Human Services (HHS) instated the Health Insurance Portability and Accountability Act (HIPAA) to improve the efficiency of healthcare and the protection of patient information. The cyber world has changed substantially since that time, and modifications have been made to address the increased use of technology to store and share confidential patient records.
How Secure are Your Systems?
Yearly risk assessments are in place for most hospitals or health systems, but do you, as a leader or executive, feel confident in the management of those risks throughout the year? According to Becker’s Hospital Review, HHS data shows 66% of healthcare data breaches are caused by hackers. How do you measure your risk level, and are those risk levels easy to communicate to other leaders or stakeholders?
JTS Health Partners (JTS), in partnership with Cyber Self-Defense (CSD), has developed a comprehensive risk assessment process and procedure to deep dive into each potential touchpoint and its associated risk for possible breach. The assessment includes a physical walkthrough of the facility or facilities, a HIPAA gap analysis (including comprehensive application review), and high-touch, low-anxiety personnel interviews. This easily understood process identifies risk levels in an annual security plan that is both HIPAA/HITECH compliant and easily communicated by leaders to the organization. The Teach-As-We-Go methodology used by JTS and CSD allows for mentoring and enabling management and staff to be an active part of the Privacy and Security initiative. People are the greatest asset and can enable an organization effectively when the program is well communicated.
2020 brings another sharp increase in the number of privacy and security breaches; now is the time to understand and mitigate risk to your systems and processes. For more information on cybersecurity, contact JTS at (470) 443-3507 or info@jtshealthpartners.com.