Working Together for Stronger Healthcare Cybersecurity – A Look At 405(d)

There are new cybersecurity tools for protecting patient safety that every healthcare organization should know about. In this video, two leaders in the field discuss two recent initiatives: The Healthcare Cybersecurity Benchmarking Study, co-led by Censinet, KLAS Research, and the American Hospital Association, and the Hospital Cyber Resiliency Initiative Landscape Analysis, a recently published report by the U.S. Department of Health and Human Services 405(d) Program which included data from the Censinet Benchmarking Study (Wave 1 and Wave 2).

For the first time in the industry, these two initiatives bring together organizations that normally compete with each other in a collaborative effort to contribute key cybersecurity data to create a set of comprehensive and actionable peer benchmarks to identify common areas of concern, set new industry standards for coverage of recognized security practices like NIST CSF and HICP, and help prioritize both immediate and near-term investment in cybersecurity to protect patient safety from increasingly malicious cyber threats like ransomware.

Erik Decker, Vice President and Chief Information Security Officer at Intermountain Health, is chair of the 405(d) Task Group, that identified the chief areas of healthcare cybersecurity weakness in the HHS Landscape Analysis and developed plans and best practices for improving these areas. Pointing out that institutions usually underinvest in cybersecurity, Decker says that these two new assessment tools can help answer the question: “Does the investment lead to an outcome?” In other words, which investments in your cybersecurity program result in in meaningful changes to overall enterprise cyber maturity and resiliency?  Plus, both the Benchmarking Study and the Landscape Analysis help healthcare organizations demonstrate adoption and coverage of industry recognized security practices like NIST CSF and HICP.

Ed Gaudet, CEO and Founder of Censinet, says that cybersecurity is a broad topic that includes not only all Health IT and digital health, but low-tech areas across the Supply Chain such as food services and laundry vendors. With Censinet, Gaudet wants to aggregate and centralize the cyber risks of all these third parties under “a single pane of glass” for maximum risk visibility and to create actionable insights to mitigate those risks efficiently and effectively. Plus, Decker and Gaudet talked about how efforts like 405(d) need to work across a wide spectrum of healthcare organizations from the largest health system to the smallest clinical practice.  405(d) was designed as public-private collaboration to help all healthcare organizations improve their cyber posture and fight back against increasing cyberattacks across the industry.

Decker also points out in the video that participation in 405(d) HICP through Censinet can actually help your organization demonstrate to HHS Office for Civil Rights (OCR) that you were doing your best to secure your data if (and most believe when) a breach occurs.  This is a big deal for a healthcare organization that wants to potentially mitigate their risks of OCR fines, penalties, and other remedies stemming from a breach.

Watch the video for more background on these two new cybersecurity initiatives and how they can help your organization.

Learn more about Censinet: https://www.censinet.com/

Learn more about Intermountain Health: https://intermountainhealthcare.org/

Listen and subscribe to the Healthcare IT Today Interviews Podcast to hear all the latest insights from experts in healthcare IT.

And for an exclusive look at our top storiessubscribe to our newsletter.

Tell us what you think. Contact us here or on Twitter at @hcitoday. And if you’re interested in advertising with us, check out our various advertising packages and request our Media Kit.

Censinet is a proud sponsor of Healthcare Scene.

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

   

Categories