Strategies and next steps for improved cybersecurity in 2023

This was another challenging year for healthcare information security – but there's hope for the year ahead as technology and policy leaders promote new ideas to reduce risk and strengthen resilience. Federal agencies get involved, executives in the healthcare business and government perceive the need for national standards, and technology takes centre stage in the fight against healthcare hacks. Based on what we've been reporting and reading over the past few weeks, here is a brief summary of some of those trends. Healthcare cybersecurity could change thanks to "Meaningful Protection." Ed Gaudet, CEO and founder of Censinet and a member of the Health Sector Coordinating Council, proposes and outlines what he calls a "Meaningful Protection" standard for healthcare cybersecurity in a Forbes article. This standard is comparable to the federal meaningful use programme that encouraged the adoption of electronic health records in the early 2010s. A "velvet hammer" strategy will be used to lower patient safety risks and boost operational resilience, he said.

There are several strategies that healthcare organizations can use to improve cybersecurity:

• Implement strong passwords and password management policies: Encourage employees to use strong, unique passwords for all their accounts and to update them regularly. Use a password manager to store and manage passwords securely.
• Enable two-factor authentication: This adds an extra layer of security by requiring users to provide a second form of authentication (e.g., a code sent to their phone) in addition to their password when logging into their accounts.
• Conduct regular security assessments: Regularly assess the organization's cybersecurity posture and identify any vulnerabilities that need to be addressed. This can include penetration testing, network scans, and other types of assessments.
• Educate employees: Provide ongoing training to employees on cybersecurity best practices, such as identifying and avoiding phishing attacks and properly handling sensitive data.
• Use secure communication channels: Use encrypted email and messaging services to protect sensitive information when communicating with patients, colleagues, and other stakeholders.
• Implement secure networks: Use firewalls and other security measures to protect the organization's networks and systems.
• Use strong and up-to-date security software: Use antivirus and anti-malware software to protect against malware and other threats, and ensure that the software is kept up-to-date.
• Regularly update and patch systems: Regularly update and patch systems, including software, firmware, and operating systems, to fix vulnerabilities and prevent attacks.
• Implement backup and recovery plans: Develop and regularly test backup and recovery plans to ensure that the organization can recover from a cyber attack or other disaster.
• Use data encryption: Encrypt sensitive data, both at rest and in transit, to protect it from unauthorized access.

By implementing these strategies, healthcare organizations can significantly improve their cybersecurity posture and protect themselves and their patients from cyber threats.