Keeping your patient’s data safe requires more advanced tactics.
It seems like it happens nearly every day – either you see a news report about a security data breach or you get an email that your password to one of your personal accounts has been compromised. And, it’s not just you. Healthcare is now being more aggressively targeted, and radiology – with its mounds of personal imaging and clinical data – must take steps to protect itself.
In an article published this month in the Journal of the American College of Radiology, industry experts from Michigan took a look at the most effective steps and go beyond the basics to help you and your department or practice better shield yourself from malicious attacks.
“A successful attack can have a significant negative clinical, monetary, regulatory, and public perception impact to practices,” said Rich Wunsch and Andrew K. Moriarty, M.D. “Healthcare has lagged other industries in funding cybersecurity programs and, coupled with a reliance on older technologies and the critical nature of healthcare, has motivated attackers to focus attacks on the industry.”
Wunsch is the director of IT infrastructure for Advanced Radiology Services in Michigan, and Moriarty is vice president of clinical operations and quality committee chair at Advanced Radiology Services, as well as assistant professor of radiology and biomedical imaging at Michigan State University.
The most effective defense, they said, is treating your cybersecurity efforts like pest control. Both internal and external measures are critical. At a minimum, they said, put these basics in place:
Once these measures are in place, take it to the next level, they said. Consider these more advanced tactics:
But, before you get started, Wunsch and Moriarty said, be sure you have fully assessed your current security situation and have all the appropriate stakeholders on board for making any changes.
Get Support from the Top: Your cybersecurity efforts will be most effective if you have buy-in from leadership, they said. Define your security program objectives, and be sure it aligns with your business objectives. Outline the steps you need to achieve the goals and what you need to make those measures happen.
“Without the support of leadership and senior management, success will be an elusive target,” they said. “The leadership and cybersecurity teams must work together to define a security program strategy that is aligned with the overall business strategy and expectations.”
Assess your situation: Take a full inventory of the software and hardware you have available – even the products that are old or are not currently being used. Be sure to catch any software that needs patches as this can be a blind spot for your organization.
“This is the low-hanging fruit attackers look for,” they said, “learning more about your environment that you even know.”
Taking the time to evaluate your current security measures and putting new strategies in place can help save your organization from the stress and harm that comes with cybersecurity attacks, they said.
“Although it takes time and dedication, building a solid security practice not only greatly reduces risk to the organization but will also build the confidence of current and future customers who are trusting your organization to protect their vulnerable data,” they said.
For more coverage based on industry expert insights and research, subscribe to the Diagnostic Imaging e-Newsletter here.