One Article Review

Source AlienVault Lab Blog
Identifier 8402726
Publication date 2023-10-30 10:00:00 (seen: 2023-10-30 10:08:34)
Title Healthcare – Navigating your path to cyber wellness
Text The healthcare industry is progressing towards a more mature cybersecurity posture. However, given that it remains a popular attack target, more attention is needed. The Cost of a Data Breach Report 2023 reported that healthcare has had the highest industry cost of breach for 13 consecutive years, to the tune of $10.93M. In 2022, the top 35 global security breaches exposed 1.2 billion records, and 34% of those attacks hit the public sector and healthcare organizations.

Regulators have responded by requiring more guidance to the healthcare industry. The Cybersecurity Act of 2015 (CSA), Section 405(d), Aligning Health Care Industry Security Approaches, is the government's response to increase collaboration on healthcare industry security practices. Led by HHS, the 405(d) Program's mission is to provide resources and tools to educate, drive behavioral change, and provide cybersecurity best practices to strengthen the industry's cybersecurity posture.

Additionally, Section 13412 of the HITECH Act, amended in January 2022, requires that HHS take "Recognized Security Practices" into account in specific HIPAA Security Rule enforcement and audit activities when a HIPAA-regulated entity is able to demonstrate that Recognized Security Practices have been in place continuously for the 12 months prior to a security incident. This voluntary program is not a safe harbor, but could help mitigate fines and agreement remedies and reduce the time and extent of audits.

The Recognized Security Practices

Recognized Security Practices are standards, guidelines, best practices, methodologies, procedures, and processes developed under:
- The National Institute of Standards and Technology (NIST) Cybersecurity Framework
- Section 405(d) of the Cybersecurity Act of 2015, or
- Other programs that address cybersecurity that are explicitly recognized by statute or regulation

It is apparent that healthcare organizations are being guided and even incentivized to follow a programmatic approach to cybersecurity and adopt a recognized framework.

How can a cybersecurity framework help?

By creating a common language: Adopting a cybersecurity framework and developing a strategy to implement it allows key stakeholders to start speaking a common language to address and manage cybersecurity risks. The strategy will align business, IT, and security objectives. The framework serves as the mechanism for implementing the cybersecurity strategy across the organization: the strategy is monitored, progress and budget are reported to senior leaders and the board, and communication and synergies are built with control owners and staff. Individual users and senior executives will start to speak a common cybersecurity language, which is the first step to creating a cyber risk-aware culture.

By sustaining compliance: Adherence to a cybersecurity framework ensures that healthcare organizations comply with relevant regulations and industry standards, such as HIPAA. Compliance can help organizations avoid legal penalties, financial losses, and reputational damage.

By improving cybersecurity risk management practices: The core of implementing cybersecurity risk management is understanding the most valuable assets to the organization so that appropriate safeguards can be implemented based upon the threats. A key challenge to the healthcare industry's cybersecurity posture is knowing what data needs to be protected and where that data is. Accepted frameworks are built on sound risk management principles.

By increasing resilience: Cyberattacks can disrupt critical he
Rating ★★
Sent Yes
Tags Data Breach Tool Threat Medical


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.