Aug 05 2020

Make the Case for Security Spending

Healthcare IT teams work to ensure that they can mitigate risk without impacting the organization’s ability to deliver quality care. Communicating that approach to leaders is critical to gaining support for additional security investments.

Cybersecurity is always a top concern for healthcare IT officials, but as some clinicians and support staff pivoted to remote work during the COVID-19 pandemic — increasing the number of endpoints and possible weaknesses — it became even more critical. 

Meanwhile, the number of threat actors seeking to exploit overstrained facilities amid a public health crisis is on the rise.

Providers may not be prepared: A January survey from CDW and IDG found that healthcare organizations expect to devote just 22 percent of technology budgets to risk mitigation over the next two years. Other priorities — such as modernizing IT, improving collaboration and transforming user experiences — are expected to get bigger slices of the pie.

It’s no surprise, then, that healthcare respondents say they are least well-positioned to meet risk mitigation objectives, compared with other IT goals.

Added vulnerabilities created by telehealth and an increased reliance on mobile collaboration devices could make it even more difficult for healthcare facilities to meet security targets. To get back on track, IT and healthcare leaders must unite around a common understanding of the organization’s risks, needs and goals. 

Realignment in these areas enables stakeholders to identify and agree on the right security investments.

Working Together to Build Better Defenses

IT and healthcare leaders meeting to discuss the path forward have a big task ahead of them. While taking steps to meet compliance standards under HIPAA can help set the framework for reducing cyber risk, it’s up to the reporting organization to work with partners, vendors and employees to manage the details.

Getting the minutia right becomes especially important as teams turn to home networks and newly issued (or personal) devices to share sensitive information with patients and colleagues. After all, a healthcare breach can incur monetary consequences and impact physical safety no matter where it happens.

Adopting a comprehensive strategy can help solve security challenges that arise in both traditional and work-from-home settings by bringing together people, processes and technologies to close gaps more effectively. 

Because comprehensive security looks at risk mitigation as just one part of the larger whole, IT teams constantly evaluate how certain tools and tactics will impact the organization’s ability to deliver strong, compassionate care. Communicating that approach and value to healthcare leaders will make security discussions — and their outcomes — that much more successful.