The unprecedented speed of digital transformation fueled by the global pandemic has resulted in a significant increase in risk vulnerabilities for healthcare organizations.
In response, these organizations must build a foundation of trust within all major stakeholder groups to mitigate ongoing and dynamic risks and achieve long-term success and growth.
During a July webinar hosted by Becker's Hospital Review and sponsored by KPMG, risk management specialists from KPMG and ServiceNow discussed the current state of cybersecurity within healthcare and the importance of building a trust with all stakeholders. They also shared practical implementation ideas. The presenters were:
- Lisa Rawls, principal, governance, risk and compliance, KPMG
- Carl Kriebel, managing director, cyber security services, KPMG
- Vishakha Sant, global head healthcare providers, ServiceNow
- Scott Ferguson, director of outbound product management, risk business, ServiceNow
Four key takeaways:
1. The rapid and widespread adoption of digital technologies resulting from the global pandemic has increased risk vulnerabilities for healthcare organizations. "The rush to quickly implement these technologies sometimes meant that security took a backseat," Ms. Sant said. "And what we're seeing now across the board is there's an increase in the number of vulnerabilities penetrating healthcare organizations." Breaches have increased by 75 percent while hacking has increased by 42 percent. An all-time high of 41 million patient records have been impacted at a cost of $400 per patient record.
2. Building trust is the key to sustaining growth, furthering innovation and attracting talent. Referred to as the "trust imperative," it's a dynamic approach to addressing risk and regulation to achieve trust across internal and external stakeholders in the digital era. Trust is becoming even more critical to the future of healthcare organizations. "When you earn the trust of your stakeholders, you create a solid platform for responsible growth, competent decision making, bolder innovation and sustainable advances in performance and efficiency," Ms. Rawls said. "Trust enables a company to understand and respond to the changes happening in the world. When you build that circle of trust [with your stakeholders], and you have that connection, you're able to do more."
3. Create this trust internally first. "Trust needs to be built across the internal stakeholder community first," Mr. Kriebel said. Without that internal trust, symptoms such as poor asset management, limited governance and slow adaptation to artificial intelligence and cloud-based technologies arise. "They don't articulate these risks to their boards," Mr. Kriebel added. "They don't articulate these risks to their leadership. And as a result, they don't have the trust and respect of those organizations."
4. Establish a strategy to address the four pillars of resilience to mitigate dynamic risks. Remembering that "trust is earned in drops, but lost in buckets," Mr. Ferguson outlined a tactical strategy based on four pillars of resilience: technology, people, facilities and third parties. He advised healthcare organizations to anticipate risks within each pillar such as understanding technological devices and the relationship between them. Second, find ways to protect the highest-priority assets within each pillar. For example, consider an alternative vendor if one third-party company presents high risk. Third, prepare for inevitable events, such as breaches or natural disasters, and plan responses. Finally, when events do occur, learn from them and improve plans and strategies.
To view the webinar, please register here.