Published by
@ShahidNShah
@ShahidNShah
Healthcare Needs Security Architectures that Provide Control Resiliency
Cyber resilience is a concept that most organizations are familiar with. It's defined as the ability to withstand and recover from adverse events that have the potential to impact an organization’s information systems and IT resources.Hospitals are no stranger to this need, of course, and most have sophisticated downtime procedures to keep patient care operational in the event that EHR, PACS and other clinical systems are impacted by an incident.Many of the standards that the security industry follows today are useful for setting minimum baselines for what security controls are needed to keep an organization secure, but one of the limitations of these standards is they tend to be focused on control existence and not control efficacy.
Medigy Insights
Many of the standards that the security industry follows today are useful for setting minimum baselines for what security controls are needed to keep an organization secure, but one of the limitations of these standards is they tend to be focused on control existence and not control efficacy.Being able to check off having a firewall is very different from empirically evaluating the efficacy of the firewall ruleset against attacker behavior like data exfiltration or the establishment of command and control.The adoption of approaches such as evidence-based security can help organizations to evaluate the efficacy of their controls against attacker techniques and help them identify all of the areas where controls are not working as well as intended.
Continue reading at healthcareitnews.com
Make faster decisions with community advice
Next Article
-
Best Practices for Training During EHR Implementation
Each year, health systems invest millions of dollars in their Electronic Health Records (EHR) and applications to leverage their full potential. In a recent Becker’s Health IT article, it is stated …
