The cybersecurity framework organizations should follow to keep data safe

Experts say a functioning system should be based on understanding your workforce, your technology and your employee workload – and it should involve everyone in your organization.
By Kat Jercich
02:32 PM
A three-person security team

As healthcare technology continues to advance, it's more important – and more challenging – than ever for provider organizations to secure patient information and keep data safe.

"Today, healthcare organizations are using technology to produce, create, collect, interpret and share immense volumes of data and information," said Allison Norfleet, business development manager at Cisco, in a recent HIMSS20 Digital presentation.

That volume, explained Norfleet during the Cisco-sponsored talk, Why Security Is More Critical Than Ever, means organizations are at a higher overall risk for data breaches. 

Norfleet noted that existing security concerns have been exacerbated by the COVID-19 pandemic, which has already seen cybercriminals targeting healthcare organizations.

Addressing potential vulnerabilities is essential, she said, because "a severe cyberattack can bring healthcare providers to a standstill, forcing our organizations to turn away patients."

Cisco Solutions Architect Marlon Harvey explained that a functioning cybersecurity framework should include a number of organizational capabilities, including knowing users, seeing conversations taking place, understanding what is normal, being alert to change and responding to threats quickly.

This framework, he continued, should be based on three premises: understanding your workforce, understanding your organization's technology and systems, and understanding the workloads being facilitated.

"When you think about what the [threat grid] is trying to do ... it's trying to identify and inform you in a real-time manner what actions need to be taken," Harvey said.

As organizations develop such a framework, presenters said, they should consider profiling mission-critical applications, identifying key stakeholders and evaluating the current state of security gaps.

Overall, said Norfleet, "Security is an executive and boardroom imperative."

"Anybody [who] touches your organization needs to embrace your security strategy," she said.

HIMSS20 Digital

Experience the education, innovation and collaboration of the HIMSS Global Health Conference & Exhibition… virtually.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.