5 tips for fighting cybercrime
If you want to know how well a health system is protecting against cybercrime, you would have better luck talking to the criminals than asking the C-suite.
That's according to noted security expert Brian Krebs.
Speaking to a roomful of IT executives at the Gartner Symposium, Krebs said CIOs – including those in the healthcare industry – aren't doing a good job keeping the enterprise up to date on cyber threats, and that those looking to steal and make a profit from health information are much more informed, PCMagazine reported.
Krebs offered five tips for fighting cybercrime:
- Network segmentation: Make sure only those who need to see sensitive information have access privileges
- Dedicated incident response team: Set up a chain of command in the event of a breach, with roles clearly defined. In short, expect a breach, and plan accordingly
- Teach with breaches: Show staff what happens when a breach occurs, reviewing how other breaches have occurred and how they could have been avoided, so they're dealing with concrete examples rather than invented scenarios
- Drill your breach response: Practice often, so staff instinctively know what to do if/when something happens
- Include partners: With reports indicating as many as one-third of all healthcare data breaches are caused by vendors, it's wise to invite them and all others to the party
While Krebs' talk wasn't specific to healthcare, his advice rings true for an industry struggling with privacy and security issues. And the advent of mobile technology, both inside and outside the health system, only increases the avenues where hackers might get in and the opportunities for negligent or inadvertent data loss.
As he noted, executives can choose computer networks that are secure, fast or easy to use – but not all three at the same time.