In an interview with Healthcare Dive, two security experts share tips for health care organizations, many of which can be applied to ARM companies as well.
04/24/2024 1:10 P.M.
Healthcare Dive recently spoke with two cybersecurity experts about how health care organizations can protect themselves against a cyberattack.
Phil Morris and Chad Peterson, both managing directors at cybersecurity firm NetSPI, shared these security strategies:
PETERSON: “Do basic blocking and tackling, whether it’s account management, multifactor authentication and identifying potential vulnerabilities. Know your attack points and identify what areas in your environment are essentially like Swiss cheese inside. So it’s doing the due diligence to know what you have, what you’re susceptible to, then prioritizing how to correct or at least mitigate a lot of those issues to make yourself less susceptible. It’s basic risk management.
Have that incident response plan not only created but tested. It goes beyond just what do I do while it’s happening or how to identify something; it’s do I have the backup systems or contingency plans in place, whether that’s, unfortunately, going all the way back to paper documentation.
And ensure that your staff is trained, whether it’s from a technical point of view, how they are protecting data, what to click on, what not to click on from a phishing point of view.”
MORRIS: “This is where this idea of proactive security becomes really important. When something bad happens, are you ready? Not if something bad happens, are you ready? We spend a lot of time advising our clients on those scenarios so they can be better informed on how to be resilient and recover from them.”
Read the Healthcare Dive article here.
Evolving Threat Landscape
Cybersecurity is increasingly important as every day brings news of a new cyberattack or data breach—often with huge consequences. For instance, in March, revenue cycle management firm MedData agreed to a $7 million settlement in response to a class-action lawsuit stemming from a significant data breach, ACA International previously reported.
The incident, in which an employee inadvertently exposed the health and personal information of approximately 136,000 individuals on GitHub, underscores the critical importance of robust cybersecurity measures in today’s digital landscape.
Protect Yourself
Access ACA’s Safeguards Rule Resource Center here for cybersecurity tips as well as insights from TPx, ACA’s Safeguards security partner of choice. Webinar recordings related to the Safeguards Rule are available at ACA’s Store by selecting the Safeguards Rule topic.
“To protect your business from cyber threats, follow the GLBA Safeguards guidelines,” said Jonathan Goldberger, senior vice president of security practice and strategic sales for TPx. “These guidelines cover essential parts of a strong cybersecurity program, including checks to make sure your security measures are working. Simply put, by aligning with these safeguards, you are going to be not just compliant, but also significantly more secure.”
It’s critical to make sure your cyber liability insurance is current, and coverage is easy and affordable for ACA members. Collectors Insurance Agency (CIA), a subsidiary of ACA, provides members exclusive access to risk management products and services tailored to each member’s specific needs. Cyber insurance is an ever-changing market, and with the help of CIA’s partners Aon and Axis, members can obtain the coverage they need to meet today’s—and tomorrow’s—challenges.
Remember, subscribe to ACA Daily and Member Alerts under your My ACA profile when logged in to acainternational.org.