Designing Cybersecurity into Systems Up Front Saves Time (~62%) and Reduces Costs (~30%)

How Health Care Providers Can Thwart Cyber Attacks (Part 3)

This is an excerpt of the full version of the paper with the title above, focused on the Key Messages and Timing of Cybersecurity Design.

BCG — Boston Consulting Group
Michael Coden and Mike Czumak
Editor Joaquim Cardoso
July 25th, 2021

Key messages

  • Health care providers and hospitals should focus on six primary threats: (1) Hacking; (2) Phishing; (3) Malware; (4) Espionage; (5) Compromised Accounts; and (6) Unauthorized Data Disclosures
  • Five Steps to Take Immediately:
  1. Determine and prioritize the most critical data and cyber-physical assets
  2. Assess the risks and determine the key actions for reducing them
  3. Educate and render risky employee cyber behaviors “irrelevant.”
  4. Develop crisis management and cybersecurity incident response teams.
  5. Conduct tabletop exercises (TTXs).
  • To ensure their systems are protected from cyber threats over the long haul, hospitals need to consider six strategic imperatives:
  1. Design cybersecurity measures into systems from the start
  2. Ensure continued IT system hygiene and governance
  3. Map the cybersecurity strategy to the business strategy
  4. Scale systems safely and cost-effectively
  5. Assume an attack is inevitable
  6. Prepare for simultaneous disasters

Design cybersecurity measures into systems from the start

There are clear advantages to designing cybersecurity into systems at the beginning of a digital transformation rather than adding it later on. 

Designers are able to move faster when they know a system is secure. 

There’s also less need for expensive rework — and less risk of introducing new errors. Shorter development times also allow a hospital to generate revenue faster. (See Exhibit 3.)

This approach also makes it easier to design secure software in a uniform way across the entire organization. 

Not only will development costs be lower as a result, but operating costs will be, too, since operations and maintenance processes are the same for many applications.

Training costs will also be lower, and security and operations teams will be more efficient and effective.

As the pandemic has so vividly demonstrated, health care provider systems and hospitals need to make cybersecurity a top priority today.

The health and well-being of the patients they serve depend on it.

About the authors

Michael Coden

Managing Director, BCG Platinion
New York

Mike Czumak
Chief Information Security Officer, Memorial Sloan Kettering Cancer Center

Originally published at on April 14, 2021.
