In today’s rapidly evolving digital landscape, staying ahead of cybersecurity threats and data privacy challenges is more critical than ever. Organizations are constantly navigating new, complex regulatory requirements.
As we observe Cybersecurity Awareness Month, I wanted to highlight various threats and emerging trends facing healthcare organizations today, and how our Cybersecurity & Privacy Team can help mitigate risks to ensure proper data protection:
What are the most significant cybersecurity threats organizations face today?
One of the most significant threats is a ransomware attack. These events are not only financially devastating to a business, but have significant ramifications from an operations perspective, as they may halt vital operations and divert personnel time from key services.
How can organizations mitigate these risks?
A robust cybersecurity compliance program is vital. Organizations need to wrap their arms around where their data lives, what access do employees or contractors have to their systems, and what protections can be put into place to make sure that the organization is as protected as possible from today’s sophisticated cyberattacks.
What emerging trends in cybersecurity should businesses be aware of, and how can they prepare for these developments?
One emerging trend I see, particularly over the last several years, is that organizations are really taking inventory of their vendors’ cybersecurity controls. Vendors have been and remain a weak link for an organization because obviously they have processes that the customer is not able to control.
We see this in the healthcare space where health plans and healthcare systems are requiring vendors to undergo audits and requiring them to execute security addenda to services contracts. It is really important for the vendors to review these requirements from an IT perspective, as well as to take assessment as to what those provisions require of the organization. Oftentimes we see them in conflict with a negotiated underlying agreement, or in the healthcare space, a HIPAA business associate agreement.
It is really important for an organization to understand what its customer is asking for from a cybersecurity perspective, to make sure the organization can comply, and to confirm that, if some of those provisions are triggered, that they are not too onerous.
What are some best practices for organizations to ensure robust data privacy and security in today’s landscape?
One helpful best practice would be to bring in a third-party consultant to analyze the organization’s risks from a cybersecurity perspective. Organizations should take assessment of where they have potential vulnerabilities and then work to remediate or eliminate those risks. Regulated entities may already have legal or contractual requirements to conduct such analyses, but bringing in an outsider to evaluate risk and prepare a risk management plan is a great first step at safeguarding data.
Another important element to cybersecurity is ensuring that the organization maintains an incident response plan and a disaster recovery plan. These should be living documents that are tested by the organization. The organization should walk through the disaster recovery and incident response plans with everyone who will be involved: IT, the PR team, the HR team, leadership, and legal counsel, among others. This process will show if there are any holes and will allow the organization to tweak each plan so that if an event does occur, the organization will be prepared and ready.
