- About Us
- Resource Center
Cyber Security for Healthcare IT White Papers
Release Date: November 12, 2013
Summary: Cyber security isn't on the syllabus of any medical school, but cyber security awareness is just as vital to healthcare organizations as washing hands. At best, lack of cyber security awareness can result in malware, which slows operations and increases maintenance costs. At worst, it could lead to data breaches, multi-million dollar fines and loss of trust with patients.
So how do you create effective awareness in a healthcare organization, helping ensure safety while not impeding the work of healthcare providers, where time and simplicity is at a premium? NJVC Cyber Security Principal Robert J. Michalsky provides a framework for creating good cyber security hygiene and integrating cyber security awareness into daily actions.
Protecting Digital Health Information: A Three-Part Series
NJVC's healthcare IT experts discuss the importance of cyber security for healthcare, why the true scope of cyber security requirements may be broader than commonly thought and the basic steps every healthcare organization should take to protect its data in an increasingly digital landscape.
Author: Terri Schoenrock, Director of Healthcare Solutions
Release Date: June 10, 2013
Summary: Healthcare provider organizations are evolving patient health data access and management, making personally identifiable information more digital, mobile and available. With this move comes a quantum increase in the exposure of individually identifiable information within the enterprise and across the extended value chain. The balancing act is to address the need to be agile and responsive to stakeholders, and therefore more competitive, while managing the risk of compromised security with consistently dwindling budgets.
• Breaches of individually identifiable patient health information result in financial loss, criminal fines, and loss of reputation.
• The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580 (Ponemon Institute, 2012).
• Most breaches can be prevented before they happen, with a small investment in the future. Equal in impact is the loss of trust by the stakeholder community after a breach. Independent physicians and most patients have a choice in their healthcare, and in where that care is provided.
• It is critical to find a partner to help to diagnose your current situation and help create the safety net that will limit the risk to the health enterprise and its stakeholders, including cloud and other service providers.
Author: Robert J. Michalsky, Principal, Cyber Security
Release Date: July 8, 2013
Summary: In medicine, reducing risky behavior reduces health risks. So too does reducing risky cyber behavior reduce likelihood of attack or breach.
How do you make smart, cost-effective, and prioritized decisions that protect the security and privacy of your patients? Before you can make a prognosis, you need to assess the situation by running diagnostic tests. In the case of privacy and security, you need to determine your critical cyber security vulnerabilities and mitigate against those attack vectors. Consider the entire enterprise as having a potential attack surface. Risk management is about quantifying that risk and minimizing the potential for harm.
Release Date: August 8, 2013
Summary: Protecting electronic medical records is one of the fundamental objectives of every healthcare organization. As mandated by the HIPAA Privacy and Security rules, appropriate safeguards must be in place to effectively enforce controls on the use and disclosure of all electronic Personal Health Information.
How can this end goal best be achieved? With a comprehensive third party IT security assessment that accepts the structure and organization in place—and does not seek to alter an organization, but instead look for enhancements to better protect the valuable electronic assets a healthcare organization produces and utilizes—patient health data.