How can healthcare organizations ensure compliance and security in the face of increasing cybersecurity challenges?

In a recent Tripwire Tuesday event, a Tripwire customer shared some insights about how healthcare organizations can implement basic security hygiene – foundational controls – to mitigate risks and vulnerabilities in their environment.

Influence organizational culture

Healthcare organizations typically lag behind other industries in implementing cybersecurity controls. However, because healthcare organizations care about patient safety, we can influence the organizational culture by embedding information security into the fabric of patient care. By connecting the dots about how information security affects patient safety, we can extend accountability beyond just the infosec group and leverage the entire organization to act as an information security team. This is more effective than using just a few resources.

Influencing the organizational culture can be accomplished by increasing awareness through education and ingraining this learning through practice. Additionally, collaborate with business units to find out what they care about and communicate how infosec contributes to the goals of the business units.

Deploy foundational controls

Rather than focusing on using the most expensive or complex solution, focus on implementing basic security hygiene – foundational controls. Start by building on an established security framework: take a baseline framework and adapt it to your organization. Don’t be distracted by buzzwords; focus on foundational controls. The biggest attacks in 2017 were not due to specialized attacks but due to lapses in basic configuration and basic security hygiene. There is no silver bullet or one vendor that can solve all your problems. It’s about defense-in-depth: multiple solutions working together to improve your security posture.

Focus on reducing risk

Because there is also no such thing as no risk, detect early and isolate the environment where there is malicious activity to prevent ...