Healthcare IT Security Solutions: Are You Prepared?

As healthcare solutions become ever more IT focused and the IoT (Internet of Things) grows ever larger, cyber attacks on care facilities become increasingly prevalent. Many even feel that healthcare lags behind other industries in its ability to secure confidential data.

While the prospect of a security breach is nothing new, 2016 has seen several high-profile attacks, for example the Hollywood Presbyterian and Kansas Heart Hospital attacks. These and other newsworthy ransomware/malware attacks have put increased scrutiny on the readiness of HIT security solutions. “One of the most common concerns in healthcare board meetings is cybersecurity,” said Rasu Shrestha, MD, Chief Innovation Officer at UPMC, during a recent conference.

The damage from attacks such as these often extends far beyond the money lost in paying a ransom to regain access to your systems. Attacks can compromise patient data, damage a care facility’s reputation, and even directly impact patient care (just imagine someone hacking a smart pump!). It’s no wonder that HIT security keeps many a CISO up at night.

This week, KLAS released the Security Advisory Services 2016 report. The providers we interviewed discussed the growing shift in focus from simple HIPAA compliance to risk assessment and mitigation.

[Chart: Type of Work Performed - Broken Out by Size]

The chart above shows that larger hospitals have begun to shift from merely trying to meet HIPAA guidelines or avoid fees to serious assessment of the strength of their HIT security. Meanwhile, smaller healthcare facilities still focus mainly on updating their systems for HIPAA compliance.

The report also zeroes in on which advisory firms will best help providers meet their varying and specific needs. Providers rated five firms: CynergisTek, PwC, Deloitte, Clearwater Compliance and Dell Services. KLAS also gathered preliminary data on 6 other advisory firms.

KLAS hopes that by providing this report, CIOs and other decision makers will take an introspective look at their own IT landscape. If they need to make changes, we hope they will be better equipped to choose an advisory firm to meet their security needs.