Scott Maurice On The Five Categories of Good Cybersecurity
In healthcare, cybersecurity is paramount and failure can lead to disaster. Scott Maurice talks about the five functions of a good defense.

Recent reports have gone a long way toward explaining the ability—or inability—of healthcare organizations to combat cyber threats and meet compliance standards. One particular report published by CynergisTek addressed five areas integral to good cybersecurity: identification, protection, detection, response, and recovery. Failure to meet one or more of these categories can lead to disaster across a healthcare organization.
These are known as the five functions of the National Institute of Standards and Technology Cybersecurity Framework. I’d like to take a look at all five and address the ways they fit into a healthcare organization’s IT structure.
Identify
Identification is the first step for any organization looking to keep a well-maintained IT infrastructure. This function is especially important for healthcare organizations, given that many fall short on compliance and are now forced to improve systems that may not have been touched in years.
This function requires an organization to evaluate not only the various devices that make up its infrastructure, but also the employees who use those devices. Mitigating problematic employee behaviors is a good example of how a healthcare organization can be vigilant about identification.
Protect
Protection involves being proactive in stopping threats before they can manifest themselves. Practicing proper data security is an aspect of protection that is especially important for healthcare organizations, given the exchange of sensitive patient information. This includes protecting data when it is stored, transferred, and accessed.
This also covers system maintenance: frequent updates by a competent IT staff (in-house or outsourced) keep systems in line with the ever-updating range of best practices.
Detect
All of the rapid response in the world doesn’t matter if you don’t detect a potential issue. While an ounce of prevention is worth a pound of cure, health systems should be able to pinpoint the origin of a breach as quickly as possible.
Detection runs the gamut as far as effort is concerned, ranging from continuous asset monitoring to the maintenance of automatic detection processes.
Respond
Responses, like plays, are a lot better when they’re rehearsed ahead of time. IT professionals associated with a healthcare organization should have contingency plans for multiple kinds of breach, and protocols for finding a quick solution. Once a breach is detected, it should be mitigated as much as possible and analyzed to make the recovery process go as smoothly as possible.
This also involves pinpointing areas of weakness in response procedures, allowing for an iterative approach where future breaches can be dealt with in an improved manner.
Recover
Any healthcare organization should hope that it never gets to this stage, but not planning for it is incredibly dangerous. Communication with anybody involved in the attack, from stakeholders to law enforcement to even the attackers themselves, is a big part of this process. Public relations comes into play here, as a poor response on the part of an organization can cause irrevocable damage to its reputation.
Recovery looks different depending on the nature of the attack. Systems are restored, data recovered, and vulnerabilities patched as necessary. IT professionals should look forward and improve all other functions in the wake of recovery.
About the author: Scott Maurice is an IT professional based in Seattle, Washington. Scott, along with his company, Avail Partners, seeks to provide industry-specific solutions for information technology. He specializes in healthcare compliance, with new standards such as HIPAA shaking up the industry.