Security

Why Partnerships Are Important to Healthcare Security and Incident Response

Ensuring incident response plans evolve alongside cyberthreats can be burdensome to IT staff. Having a strong security partnership gives hospital systems access to expertise.

Mike Gregory

Mike Gregory is CDW's Healthcare Security Strategist and former Information Security Officer at Community Foundation of Northwest Indiana, Inc. He brings over 36 years’ experience in various information technology services, 16 years in healthcare. He has a great depth of understanding of information security and healthcare operations to drive initiatives in data protection, compliance and risk management, regulatory auditing and mature and privacy security programs.

Evolving cyberthreats are putting pressure on healthcare organizations to protect patient data and mitigate the risk of having to pay ransoms. So it’s no surprise that, along with clinicians, healthcare IT staff are experiencing burnout. According to a recent Spok survey, 53 percent of IT staff report that burnout levels have increased considerably since the COVID-19 pandemic began, and 9 percent report that burnout levels have increased “a great deal.”

Incident response planning can be overwhelming for healthcare organizations and IT staff, especially if they haven’t conducted a holistic review of their security program in the past. Having a security partner can help healthcare IT teams navigate the process of strengthening or implementing security tools and strategies.

Click the banner below for CDW resources to dig deeper into incident response planning.

Why Should Healthcare Organizations Consider a Security Partner?

To determine whether a healthcare organization should hire a cybersecurity partner rather than handling incident response itself, IT leaders should ask a few questions: Do the organization’s regulators or insurance carriers require them to show evidence that an incident response plan exists and tabletop exercises have been conducted? Does the plan include outcomes and participation of all affected departments and levels of management? Did the organization resolve all challenges discovered during its last assessment or exercise? Has the organization accounted for all technology in the plan, including those that affect patient outcomes? Does the incident response plan line up with the business continuity plan? Is it the best plan to bring systems back online after a major incident?

If IT leadership answers yes to their insurance carrier requiring evidence but no to any of the other questions, then they should consider hiring a security partner to help them with the planning.

Healthcare organizations should look for a partner with the depth of knowledge and experience to help craft a plan, strengthen security posture and implement security tools and strategies. They should choose a partner that understands security threats and exploitable vulnerabilities, with professionals who are equipped to handle evolving cyber risk and threats to patient data.

An experienced security professional will know how to assess an environment and quickly provide healthcare IT leadership with a roadmap for improving security posture. A good security partner will even orchestrate the implementation and offer managed services. The partner should understand the healthcare industry and perhaps even employ security experts who formerly worked for healthcare entities — that’s a great benefit to the customer. The partner’s track record is also important to consider. A partner should be able to demonstrate that it’s been successful in its approaches, orchestration, services and strategies. IT decision-makers don’t want to experiment with security strategies. They want a predictable and favorable outcome.

A healthcare organization that handles security internally may be unaware of emerging technologies — and emerging vulnerabilities. A good security partner can therefore be a wise investment, saving the organization time and money. A security partner’s expertise can help to mitigate the risk of costly cyberthreats, such as ransomware, and minimize downtime in the event of a successful compromise. A healthcare organization may also be unable to support a large internal security staff, which is another good reason to hire a security partner.

How Can Health IT Leaders Foster a Successful Security Partnership?

To ensure that a security partnership is successful, healthcare organizations should start by having a conversation and holding the partner accountable. The partner should be able to explain its approach, resources and how it can improve the healthcare organization’s security posture. IT leadership also should consider having an assessment done by the partner to learn from its security knowledge and expertise.

To make sure the communication goes both ways, healthcare organizations should share their initiatives and desired outcomes, and allow the partner to build a suitable and attainable security roadmap for the organization’s environment.

Click the banner below for more HealthTech content on security and incident response planning.

What Services Do Security Partners Provide?

Security partners should offer end-to-end security solutions that are tailored to the healthcare organization. A security partner can advise the organization on a wide range of comprehensive security assessments, such as vulnerability assessments, penetration testing, applications, system configuration, ransomware and social engineering assessments.

Through its CDW Amplified™ Security services, CDW can design, orchestrate and manage a healthcare organization’s security strategy. It can perform a comprehensive security assessment, as well as assessments against NIST or PCI security frameworks. CDW’s security experts begin by taking a hard look at a healthcare organization’s security posture from a multidisciplinary perspective. Its engineers then provide for a continuous defense strategy to meet the shifting conditions of the security landscape.

Understanding an organization’s current defense posture from a networking, information security and privacy perspective is key to designing a comprehensive strategy to prevent data breaches and proactively respond to cyberattacks. CDW engineers can assist with the installation and deployment of a security strategy to ensure the technology is optimized for the environment.

Working with CDW allows the healthcare organization to stay engaged, reduce its IT staff workloads and meet compliance requirements.

CDW offers solutions for information security networks, cloud environments and emerging cybersecurity technologies such as next-generation endpoint protection and firewalls. It also offers email security, cloud access security broker solutions, Software as a Service, data loss prevention, incident response, and identity and access management solutions. Of special interest to healthcare organizations, CDW also has expertise in digital velocity, supply chain management, clinical mobility, virtual care and senior care services, each of which is designed with embedded security.

CDW employs people who have experience in the healthcare industry to provide segment-specific expertise. Its engineers hold cybersecurity certifications and have experience working with 85 percent of healthcare organizations in the U.S.

This article is part of HealthTech’s MonITor blog series. Please join the discussion on Twitter by using #WellnessIT.