Technology in health care goes beyond the latest surgical instruments and can create challenges for an organization’s information technology (IT) department. One of the biggest challenges that health-care organizations face on cybersecurity is retaining talent, according to Charlie Wood, a partner and practice lead at FoxPointe Solutions, the cyber risk-management and compliance subsidiary of the […]
Technology in health care goes beyond the latest surgical instruments and can create challenges for an organization’s information technology (IT) department.
One of the biggest challenges that health-care organizations face on cybersecurity is retaining talent, according to Charlie Wood, a partner and practice lead at FoxPointe Solutions, the cyber risk-management and compliance subsidiary of the Bonadio Group.
It can be hard for employers in Central New York to compete with those in bigger cities when it comes to attracting top talent, he notes. “You can’t pay what they pay in the big cities.”
That can often lead to turnover as employees move on to new career opportunities. The problem, Wood notes, is that those IT staff members take their knowledge and experience with them when they leave.
That means there can be a vulnerable period at the organization while it searches for and brings a new employee up to speed.
Individuals or groups trying to maliciously access data, the “bad actors,” are always looking for those vulnerabilities to gain access. Threats can come from a variety of sources, both externally and internally, Wood adds.
Phishing and ransomware attacks remain a concern. Other attacks can come from surprise means like a computer inadvertently left unlocked and accessible, Wood says.
Other events like mergers and acquisitions can create challenges, especially as smaller organizations are integrated into larger systems. For other organizations, budget constraints may impact the IT department and cybersecurity.
Regulatory complexity is an ongoing concern, especially for health-care systems, which have to protect health information, private data, and payment information.
“In health care, you have so much sensitive data,” Wood notes. “It’s a never-ending battle for these organizations.”
A breach can have far-reaching impact for an organization. “Reputational damage can be pretty significant,” Wood says. A breach can also come with fines or potential lawsuits. Some attacks may even prevent a health-care facility from providing care.
To best protect themselves, health-care organizations need to have robust cybersecurity and rigorous training for employees. Telling employees to “use common sense” on emails isn’t enough, Wood adds. Email content filtering, for example, can help weed out phishing attacks.
Some organizations may want to consider outsourcing at least some of their IT functions. “Find a virtual something instead of having IT in house,” Wood recommends. A virtual compliance officer, for example, is focused solely on all the laws and regulations to ensure compliance for an organization, freeing up in-house IT staff to focus on other things.
There are also resources available to help health-care organizations better protect themselves that may offer things like free software or vulnerability scans.
Organizations can also look for grants to supplement their IT budgets.
“There are grants out there,” Wood says. “There are cost-effective solutions out there.”
