The American Health Information Management Association, a consortium of health information management professionals and organizations, last week posted a list of recommendations for hospital cybersecurity approaches.
AHIMA's Cybersecurity Plan is designed to help healthcare organizations create and execute their own cybersecurity strategies. Since information governance is a critical initiative that healthcare organizations must embrace, AHIMA recommends a model that emphasizes competency in privacy, security, IT governance, enterprise information management, data governance, legal and regulatory, and awareness and adherence.
Its cybersecurity guidelines focus on the privacy and security competencies, as well as the need to address people, processes and technology within the organization.
Here are AHIMA's 17 cybersecurity guidelines.
1. Conduct a risk analysis of all applications and systems
2. Recognize record retention as a cybersecurity issue
3. Patch vulnerable systems
4. Deploy advanced security endpoint solutions that provide more effective protections than standard antivirus tools
5. Encrypt workstations, smartphones, tablets, laptops, backups and portable media
6. Improve identity and access management
7. Refine web filtering, block bad traffic
8. Implement mobile device management
9. Develop incident response capability
10. Monitor audit logs to selected systems
11. Leverage existing security tools like intrusion prevention systems or intrusion detection systems to detect unauthorized activities
12. Evaluate business associates
13. Improve tools and conduct an internal phishing campaign
14. Hire an outside security firm to conduct technical and non-technical evaluations
15. Prepare a 'State of the Union' type presentation for an organization's leaders on cybersecurity
16. Apply a 'defense in depth' strategy
17. Detect and prevent intrusion
Click here to access the full report.
More articles on cybersecurity:
Startup unveils approach to persuade people to sell genetic info: A new cryptocurrency
DHS project identifies 18 first-responder apps with cybersecurity flaws
84% of healthcare organizations don't have a cybersecurity leader: 5 things to know