1. Security Monitoring in a Silo
Siloed security monitoring is one of the biggest mistakes a healthcare organization can make. A lack of collaboration across departments will only prolong unexpected downtime.
It’s not uncommon to see this mistake happen across all industries. Organizations often focus so much on the act of monitoring that they don’t create any meaningful action from it, and it doesn’t reach the necessary stakeholders for better coordination and collaboration. Healthcare organizations with this approach will miss the bigger picture.
2. Over-Reliance on Technology Without Action
Having best-in-class cybersecurity tools does not mean an organization can automatically glean meaningful, actionable information from them. Ultimately, the tools themselves won’t create a strong security culture, so break the habit of relying solely on technology.
3. Lack of Testing and Validation
Even if an executive or third party pushes for one solution, don’t quickly adopt it without testing and validating whether it will work in the organization’s environment. Take the time to perform simple tests or a proof of concept to see if the solution fits. The validated solution should be interoperable and work with current applications.
4. Lack of Effective Written Policy
Organizations need a holistic policy in place to respond to events effectively and consistently, regardless of time or date. If there’s no written policy, there will be gaps in the continuity of resources and the response will be uncoordinated and ineffective. Even when relying on a third-party monitoring service, organizations need to ensure formalized collaboration between an internal team and the partner.
5. Lack of Internal Communication
Healthcare organizations need to define and assign responsibilities before unexpected downtime occurs, and those roles need to be validated regularly through tabletop exercises. That way, when Humpty Dumpty falls off the wall, there is already a written process in place to jump-start the recovery.
Overall, addressing these five mistakes will help healthcare organizations avoid a knee-jerk reaction to security events, and instead provide a more comprehensive, calculated response that will help them avoid that critical 48 hours of downtime.
Healthcare stands apart from finance, education, retail and manufacturing because of the COAT principle: clinical, operation, administration and technology. If you take away the clinical aspect — the doctor’s COAT, if you will — then healthcare is like any other industry. Because of that crucial clinical aspect, however, we need to make sure organizations can continue running without a hitch.