How Health Care Providers Can Thwart Cyber Attacks (Part 3)
This is an excerpt of the full version of the paper with the title above, focused on the Key Messages and Timing of Cybersecurity Design.
BCG — Boston Consulting Group
By Michael Coden and Mike Czumak
Editor Joaquim Cardoso
July 25th, 2021
- The number of cyber attacks on health care systems has reached epidemic proportions.
- Health care providers and hospitals should focus on six primary threats: (1) Hacking; (2)Phishing; (3) Malware; (4) Espionage; (5) Compromised Accounts; and (6) Unauthorized Data Disclosures
- Five Steps to Take Immediately:
- Determine and prioritize the most critical data and cyber-physical assets
- Assess the risks and determine the key actions for reducing them
- Educate and render risky employee cyber behaviors “irrelevant.”
- Develop crisis management and cybersecurity incident response teams.
- Conduct tabletop exercises (TTXs).
- To ensure their systems are protected by cyber threats over the long haul, hospitals need to consider six strategic imperatives:
- Design cybersecurity measures into systems from the start
- Ensure continued IT system hygiene and governance
- Map the cybersecurity strategy to the business strategy
- Scale systems safely and cost-effectively
- Assume an attack is inevitable
- Prepare for simultaneous disasters
Design cybersecurity measures into systems from the start
There are clear advantages to designing cybersecurity into systems at the beginning of a digital transformation rather than adding it later on.
Designers are able to move faster when they know a system is secure.
There’s also less need for expensive rework — and less risk of introducing new errors. Shorter development times also allow a hospital to generate revenue faster. (See Exhibit 3.)
This approach also makes it easier to design secure software in a uniform way across the entire organization.
Not only will development costs will be lower as a result, but operating costs will be, too, since operations and maintenance processes are the same for many applications.
Training costs will also be lower, and security and operations teams will be more efficient and effective.
As the pandemic has so vividly demonstrated, health care provider systems and hospitals need to make cybersecurity a top priority today.
The health and well-being of the patients they serve depend on it.
About the authors
Managing Director, BCG Platinion
Chief Information Security Officer, Memorial Sloan Kettering Cancer Center
Originally published at https://www.bcg.com on April 14, 2021.