How to identify gaps in your security to better assess and manage your enterprise risk
We’ve seen the statistics. Healthcare breaches are the on the rise. Since 2009, there have been more than 2100 healthcare data breaches; by the end of last year, security breaches were expected to cost healthcare delivery organizations $6 trillion dollars. In 2021, the $1.2 trillion healthcare sector will fall victim to two to three times more cyberattacks than any other industry.
Given this backdrop, it’s no wonder healthcare delivery organizations are frantic to bolster their security posture. Health systems are committed to doing whatever they need to avoid becoming a headline, or worse, have their care compromised and patient outcomes jeopardized. This is why the healthcare industry is predicted to spend $125 billion on cybersecurity from 2020 to 2025.
But are all the efforts and spending working? Are healthcare organizations getting the value they seek? Are they able to build the resilience they need into their environment? Or, are they overlooking opportunities to be better, stronger?
Most organizations have operational and business gaps that can hinder their ability to mature their security strategies and programs for maximum value. These silo’s and disconnects create massive inefficiencies and risks throughout an HDO’s operations. For example, different roles and conflicting responsibilities can stifle communication and coordination, creating disconnects that reduce productivity, increase spending, and introduce cybersecurity threats that can ultimately impact the availability and safety of the HDO’s operations and care.
HDOs need to identify these gaps, before they can align their people, processes, and technologies to create a strong security posture that can be a business enabler. Given the complexity of most healthcare organization’s environments, identifying these gaps has traditionally been elusive. To help, Medigate has developed an innovative operational assessment framework, called “The Real-Time Healthcare Convergence Maturity Assessment" (CMA).
This framework is an online self-assessment tool that generates a cybersecurity, operations and business gap analysis that provides your IT, IS, clinical engineering, biomed, and financial leadership a way to collectively assess your enterprise risk. The tool combines survey questions covering the National Institute of Standards and Technology’s (NIST) security framework and Gartner's Real Time Health System (RTHS). Cross-functional controls are mapped to each framework's capabilities, cross-referenced and scored to identify gaps that manifest as workflow inefficiencies. The CMA identifies them, denotes if the gap is a matter of FISMA compliance, and detailed explanations are provided with peer-benchmarks.
The passage of HR 7898, now known as the HIPAA Safe Harbor Law, amended the HITECH Act to require Health and Human Services (HHS) to incentivize security best practice across all HIPAA-covered entities. It references NIST as the endorsed path to securing healthcare assets used in the delivery of connected patient care. Gartner's RTHS framework provides health systems a roadmap to operational maturity. It details how health systems can best leverage their digital assets, eliminate silos and drive interoperability in support of value-based care.
By combining these two frameworks, Medigate has developed a way to assess convergence maturity. The output of this assessment is a highly practical "convergence roadmap" that you can use as fresh perspective to better align your cybersecurity and asset management strategies and practices.
The inefficiencies exposed in the gap analysis are representative of the actual day-to-day risks your health system needs to know about. The assessment uncovers areas of risk that live across the traditional silos that health systems are trying to eliminate. The reporting output is relevant across numerous stakeholder groups, spanning IT, information security, networking, clinical engineering, biomed, supply chain and financial offices. For example, you can see how you stack up against your peers:
And you can receive specific recommendations to close gaps and improve your posture.
The objective is to help you understand and address your gaps, so you can develop a more secure clinical risk management strategy and operational framework that enables your business to thrive and adapt. Given the explosive growth of medical devices, the advent of telehealth, and the evolution of real-time value-based healthcare, this tool helps you focus your spending and resources to prepare your organization to meet the ongoing needs of your patients today and in the future.
