How to Strengthen Your Security Program

Health systems face a steady barrage of cyberattacks. A strong security program is essential to keep attackers from gaining access to critical data and systems.

Most health systems already have a security program in place, but a program must be continually strengthened and refined. What can health systems proactively do to keep improving their security programs?

KLAS reached out to healthcare-focused cybersecurity firms and asked: “What can health systems do today to avoid pitfalls and gaps in their security programs?”

The following healthcare-focused cybersecurity firms responded*:

 

Clearwater:

To optimally manage cyber risk, health systems need to understand their IT systems' scope, the reasonably anticipated threats to those systems, the vulnerabilities within them, and the safeguards in place to protect them. Next, they need to understand the likelihood of those threats exploiting a vulnerability or breaching a system as well as the business impact to their organization if that were to occur. With this information, security leaders can inform their executive team on the existing risk, the investment needed to mitigate that risk, and where to most effectively apply that investment to reduce their risk.

 

Impact Advisors:

Healthcare security programs are often underfunded, inadequately resourced, and frequently less mature when compared to other industries. Closing this gap must be a priority. While risk assessments are necessary for attestation, they are rarely relatable to the business of healthcare. To be effective, security risks must make sense to top executives and board members and provide clear visibility of potential operational impact. Organizations should move from “qualitative only” risk (high-medium-low) and incorporate more quantifiable and actionable language. This approach will increase executive engagement, foster support, and ultimately drive higher value from security programs as they support the business of healthcare.
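Both the Clearwater response (scope, threats, vulnerabilities, safeguards, likelihood, impact, then where to apply investment) and the Impact Advisors response (replace high/medium/low labels with quantified, actionable language) describe the same artifact: a quantified risk register. The block below is an added example written for this page; it is not code from KLAS or from either firm. It scores each register line by annualized loss expectancy (single-loss estimate times annual rate), ranks candidate safeguards by return on security investment, and shows how a high/medium/low label hides the difference between two risks. Every system, dollar figure, rate and control effect in it is a constructed assumption, not assessment data.

```python
"""Quantified risk register with safeguard prioritization.

Added example for this article; not code from KLAS or any quoted firm.
All systems, dollar figures, rates and control effects are constructed
for illustration and are not real assessment data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One register line: a threat exploiting a vulnerability on an in-scope system."""
    name: str
    system: str
    threat: str
    vulnerability: str
    single_loss: float  # SLE: estimated cost of one occurrence, in dollars
    annual_rate: float  # ARO: expected occurrences per year (0.25 = once in 4 years)

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: SLE x ARO."""
        return self.single_loss * self.annual_rate


@dataclass(frozen=True)
class Safeguard:
    """A control under consideration and its estimated effect on each risk."""
    name: str
    annual_cost: float
    # risk name -> (fraction of annual_rate removed, fraction of single_loss removed)
    effect: dict


def residual_ale(risk: Risk, safeguard: Safeguard) -> float:
    """ALE of one risk after the safeguard is applied."""
    rate_cut, loss_cut = safeguard.effect.get(risk.name, (0.0, 0.0))
    return risk.single_loss * (1 - loss_cut) * risk.annual_rate * (1 - rate_cut)


def ale_reduction(register, safeguard: Safeguard) -> float:
    """Total expected annual loss (dollars) the safeguard removes across the register."""
    return sum(r.ale - residual_ale(r, safeguard) for r in register)


def rosi(register, safeguard: Safeguard) -> float:
    """Return on security investment: (ALE reduction - annual cost) / annual cost."""
    return (ale_reduction(register, safeguard) - safeguard.annual_cost) / safeguard.annual_cost


def rank_risks(register):
    """Risks ordered by expected annual loss, highest first."""
    return sorted(register, key=lambda r: r.ale, reverse=True)


def rank_safeguards(register, safeguards):
    """Safeguards ordered by ROSI, highest first: where a budget dollar does the most good."""
    return sorted(safeguards, key=lambda s: rosi(register, s), reverse=True)


def tier(ale: float, high: float = 1_000_000, medium: float = 100_000) -> str:
    """Collapse a dollar figure into the high/medium/low label a qualitative-only
    register would carry. Thresholds are assumed; the point is what the label hides."""
    if ale >= high:
        return "high"
    if ale >= medium:
        return "medium"
    return "low"


# Constructed sample register (not real assessment data).
REGISTER = [
    Risk("Ransomware on EHR", "EHR", "ransomware", "unpatched internet-facing VPN appliance", 5_000_000, 0.25),
    Risk("Phishing credential theft", "Email / identity", "phishing", "password-only logins", 400_000, 2.0),
    Risk("Lost laptop with PHI", "Clinician laptops", "device loss", "no disk encryption", 250_000, 0.5),
    Risk("Vendor breach exposing PHI", "Billing vendor", "third-party compromise", "weak vendor oversight", 2_000_000, 0.1),
]

# Constructed candidate safeguards with assumed annual costs and effects.
SAFEGUARDS = [
    Safeguard("MFA on VPN and email", 150_000,
              {"Ransomware on EHR": (0.6, 0.0), "Phishing credential theft": (0.8, 0.0)}),
    Safeguard("Patch management incl. third-party", 300_000,
              {"Ransomware on EHR": (0.5, 0.0)}),
    Safeguard("Full-disk encryption on laptops", 50_000,
              {"Lost laptop with PHI": (0.0, 0.9)}),
    Safeguard("Vendor risk management program", 120_000,
              {"Vendor breach exposing PHI": (0.3, 0.0)}),
]


def executive_brief(register=REGISTER, safeguards=SAFEGUARDS):
    """Rows for a board-level summary: each safeguard with its cost, the expected
    loss it removes, and its ROSI, best investment first."""
    return [
        (s.name, s.annual_cost, round(ale_reduction(register, s)), round(rosi(register, s), 2))
        for s in rank_safeguards(register, safeguards)
    ]


if __name__ == "__main__":
    for r in rank_risks(REGISTER):
        print(f"{r.name:<30} ALE ${r.ale:>12,.0f}  tier={tier(r.ale)}")
    for name, cost, reduction, roi in executive_brief():
        print(f"{name:<38} cost ${cost:>9,.0f}  removes ${reduction:>11,.0f}  ROSI {roi:+.2f}")
```

Two things the quantified view shows that the labels cannot: the phishing risk ($800k/yr) and the lost-laptop risk ($125k/yr) both land in the "medium" tier, and the cheap disk-encryption control outranks the pricier patching program on ROSI even though patching removes more expected loss in absolute dollars. Both the reduction and the ROSI column belong in the brief; a negative ROSI says only that, at these assumed estimates, the spend does not pay back.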

 

Intraprise Health:

Health systems should make it an imperative to holistically address risks and threats through the adoption of a risk management framework (RMF). The federal government has created incentives through a recent HIPAA Safe Harbor ruling for health systems that can demonstrate the implementation of “security best practices,” which many experts interpret as the adoption of an RMF such as NIST or HITRUST.

RMF adoption can benefit all organizations by bringing together security, privacy, compliance, and supply chain risks within a unified program. The most effective RMF programs are not one-time events but rather an ongoing process geared toward maturing the cyber resilience of the organization. 

 

Fortified Health:

As cybercriminals continue targeting the healthcare sector, it is absolutely essential for organizations to execute security fundamentals, namely, education, patching, identity and asset management, and monitoring systems. Significant strides in an organization’s security posture can be made by implementing a consistent patch management strategy, inclusive of third-party patching, along with reviewing users and their access privileges. Having full visibility into network activity is key, as is enabling authorized access controls, such as multifactor authentication. Lastly, education through a comprehensive security awareness program focused on phishing risks strengthens an organization’s overall security posture and reduces its threat attack surface area.

 

Meditology Services:

  • Assess – perform annual enterprise-wide security risk assessments. Use frameworks like NIST and HITRUST. Perform routine penetration tests to find the security gaps before the hackers do.
  • Maintain Compliance – document your risk analysis and implementation controls aligned with HIPAA and maintain a risk register. Pay attention to major regulatory shifts underway for HIPAA, HITECH, CMS, OCR, and state regulations. 
  • Manage Third-Party Risk – mature and automate your vendor risk management program to combat supply chain risks.
  • Prepare – update incident response plans and test them often. Focus on ransomware simulations, phishing, and cloud hacking attacks. Expect and prepare for class action lawsuits.

 

Cybersecurity is a continuous journey, not a destination. Health systems and cybersecurity firms must keep working together to combat evolving attacks from bad actors. Steady education and concerted efforts to strengthen security programs and tools are essential to begin stemming the tide.

For additional insights about the firms that participated in this article, go to KLAS' data on security and privacy consulting services.

  

*Responses were limited to 100 words.


Photo Credit: Adobe Stock, maxsim