Securing Healthcare Information, The Right Way


By Mark Johnson

President, Xtrii


We see the headlines too often – another healthcare organization’s information systems have been breached and sensitive data has been stolen. Allscripts, Banner Health, UCLA Health, Premera Blue Cross, Anthem Blue Cross, and many others are recent examples. If these massive companies with their extensive technology teams can be exploited, it can make you wonder: “How secure is my healthcare information?”


Cybersecurity: A Growing Challenge For Healthcare

Hackers are now focusing on healthcare data and healthcare organizations as their top target. Industry experts are predicting that the cybersecurity challenge is likely to get worse, and that the damages will become even more devastating. When this happens, the company’s image and credibility are damaged, customers are lost, the financial impact is huge, and typically the CEO and top leaders are fired. In the case of smaller organizations and physician practices, most can’t endure the damage and are ruined. Are you prepared to explain to your patients and regulators when sensitive, protected health information is compromised?

So, how can it be avoided?  Why does this serious problem continue?  Most organizations are not taking the right approach to cybersecurity.


Addressing Your Cybersecurity

To address your cybersecurity the right way, you need to properly assess your vulnerabilities and capabilities. Here are 10 common cybersecurity missteps/issues that organizations must address:

  1. Inadequate Assessments: Too many organizations conduct assessments that are not comprehensive, and don’t address the most pressing threats.
  2. Inadequate employee training:   Your employees are the front line of your cybersecurity and are often the most vulnerable point. Most breaches occur through “human exploits” and/or “social engineering”. Cybersecurity experts agree that the best cybersecurity investment you can make is better employee cybersecurity training. How well prepared are your employees?
  3. Putting too much faith in paper accreditation: Paper accreditation doesn’t equal real-world security. Most accreditations miss the mark and give a false sense of security.
  4. Misinformed decision-makers:   To find the issues and execute the right actions, decision-makers need guidance from an unbiased, credible, cybersecurity expert.
  5. Hackers don’t play fair: Today, hackers are constantly coming up with new techniques to trick employees into unknowingly providing the hacker access.
  6. Hackers have a major advantage:  Hackers only have to find ONE vulnerability in order to gain access to your systems and data.  You have to protect the entire environment against ALL potential vulnerabilities.
  7. Hiring a cybersecurity company without research:  It’s important for companies to research and hire the right cybersecurity expert with hands-on, real-world experience in healthcare technology/cybersecurity, which has prepared them to know the right questions and the right follow-up questions to ask specifically for your organization.
  8. Being held up by cost concerns:  A comprehensive cybersecurity assessment can be very affordable, if you select the right firm. For the best value and results, don’t just select a common “brand name”, select the best expertise and the best fit for your organization.   When you consider the staggering cost of being hacked, the cost of a cybersecurity assessment is a very wise investment.
  9. Thinking cybersecurity is only an IT problem: Cybersecurity is a company-wide responsibility.  The Board of Directors, the CEO, and everyone in the organization must be properly educated, prepared, responsible, and focused on cybersecurity.
  10. Not putting in the time: Take time to craft the appropriate, comprehensive plan, and sustain your cybersecurity focus. Engage a cybersecurity advisor that will help you quickly assess your needs, address your risks and sustain your protection. Your organization is counting on it!

Cybersecurity is vital for your future and doing it the right way makes all the difference.


Mark is a global technology leader that has advised and led the top healthcare organizations for more than 30 years. He currently serves as the President of Xtrii,