The digitization of hospital operations has allowed healthcare providers to integrate their electronic networks and share patient information across a variety of care settings. While digital systems have helped hospitals to lower costs, improve efficiency, and enhance the delivery of care, sharing sensitive patient data across digital channels is not without its perils. As the use of medical devices and electronic health records increases, cybersecurity risks increase as well. On the black market, healthcare records—which may contain hospital finance data or sensitive patient data—are a commodity, making hospitals a prime target for attacks. Therefore, it is incumbent upon every hospital IT and supply chain department to have a cybersecurity plan in place.
Acurity’s subject matter experts have provided five tips for developing a cybersecurity plan.
Tip #1. Meet with your hospital’s Chief Information Security Officer (CISO).
Supply chain professionals should meet with their facility’s CISO to inquire about cybersecurity plans and what actions the department can take to help safeguard sensitive hospital and patient data (e.g., including specific language in vendor contracts and agreements).
Tip #2. Conduct a risk assessment.
It is important for organizations to identify threats—real and potential—to their institution. Identifying such risks and vulnerabilities allows for preemptive planning. Organizations should contract with a third-party vendor to conduct a risk assessment in order to receive objective reviews. Acurity has a variety of contracted vendors that can provide this service.
Tip #3. Make certain that your hospital is properly insured.
Despite advance planning, cyberattacks still occur. It is imperative that organizations confer with their finance and legal teams to ensure that they have adequate liability coverage and have minimized risk.
Tip #4. Conduct interdepartmental training and discussion.
Data breaches are not solely the result of external attacks. Internal misuse and human error can lead to large-scale data leaks. Hospitals should conduct routine training sessions to ensure that staff are adequately prepared to flag or respond to security threats. An informed staff can help minimize risk and quickly halt cybersecurity incidents.
Tip #5. Consult with vendors about industry standards.
When contracting with vendors, supply chain professionals should routinely ask them to provide a Manufacturer Disclosure Statement for Medical Device Security to use as a tool in their organization’s risk assessment. Supply chain professionals should also insist that vendors agree to abide by best practices and industry standards for keeping their medical devices up to date. Throughout the term of the agreement, supply chain and the vendor should remain in close communication and work collaboratively on developing cybersecurity plans and procedures.
Acurity is dedicated to helping its members protect their patients, staff, and facilities from cyberattacks. For more information about our cybersecurity and data management solutions, visit our Information Technology expertise page.