Topics
Reimbursement
Home health agencies get half a percent pay increase
Home health agencies get half a percent pay increase
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
Two CFOs see promise of AI, but have yet to build a dedicated budget
Two CFOs see promise of AI, but have yet to build a dedicated budget
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Labor expenses continue to challenge hospitals
Labor expenses continue to challenge hospitals
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
UAB, Press Ganey launch certificate program for healthcare leaders
UAB, Press Ganey launch certificate program for healthcare leaders
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Cleveland Clinic partnering with Cavaliers on new training center
Cleveland Clinic partnering with Cavs on new sports complex
Compliance & Legal
Johnson and Johnson sues HRSA for blocking 340B plan
J&J sues HRSA for blocking 340B plan
Policy and Legislation
Trump picks RFK Jr. to lead HHS
Trump picks RFK Jr. to lead HHS
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
MD Anderson launches new cancer research center
MD Anderson launches new cancer research center
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Elevance Health 'considering options' following star ratings hit
Elevance Health 'considering options' following star ratings hit
Patient Engagement
Patients see narrow networks in ACA marketplace plans, KFF finds
KFF: Patients see narrow networks in ACA marketplace plans
Pharmacy
CerpassRx, Waltz team on AI platform to manage specialty drug spend
CerpassRx, Waltz team on AI to manage specialty drug spend
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Teladoc posts $640.5 million in revenue, stresses virtual care improvement
Teladoc posts $640.5 million in revenue
Mergers & Acquisitions
Cardinal Health set to acquire two companies for combined $3.9B
Cardinal Health set to acquire two companies for combined $3.9B
View more
Jun 20, 2016 More on Risk Management

Healthcare cybersecurity must be proactive not reactive, expert says

Two-thirds of businesses, including healthcare industry, wait until cybersecurity attack before they engage a security vendor, expert says.

Jessica Davis, Associate Editor

Two-thirds of businesses, including organizations in the healthcare industry, wait until a cybersecurity attack before they engage a security vendor or a managed security services provider, according to a recent Ponemon study commissioned by government contractor Raytheon Foreground Security.

Further, 80 percent of respondents said managed security services are important to their overall IT security strategy, but of these respondents, 84 percent said their managed security services provider doesn't offer proactive hunting services.

"Most managed security services don't provide proactive threat hunting, advanced analytics and incident response as part of their core offerings," said Alison Kidd, executive vice president of sales and marketing for Raytheon Foreground Security. "A select few managed services focus on finding advanced threats that are impacting the healthcare industry today.

[Also: As count of cyberattacks swells, healthcare orgs seek extra insurance against losses]

"Truly talented resources with advanced cyber capabilities are extremely hard to find and harder to keep," Kidd added. "Therefore, leveraging the right managed security service is a way to extend that advanced talent, expertise and knowledge into the end user enterprise."

Healthcare was one of the most attacked industries in 2015, according to Kidd – but only 10 percent of the budget in healthcare is dedicated to IT security. As a result, tough spending choices are made with 'compliance checkbox security.'

To further complicate matters, the sophistication of cyberattacks is increasing, and there's a lack of cybersecurity staff able to tackle these attacks, Kidd explained.

[Also: Intermountain CIO presses Congress for clear strategy on cybersecurity for HHS]

"Where worms, viruses, and Dos/DDoS were of the center of attention roughly four years ago, we're now dealing with nation state attacks, IoT compromises and Ransomware," she said. "The game has shifted to be one of complete control, instead of disruption."

To combat this, she recommended that healthcare organizations adopt a posture of risk-based security, which requires a protective barrier around patient data and the IT systems. Healthcare organizations also need to model cybersecurity based on the human immune system.

"Similar to the human body, you're aware your body (or enterprise) will at some point be compromised, the important factor is how resilient your organization is in order to maintain continuity of operations," Kidd said.

"Organizations need to employ a service that includes proactive threat hunting, which searches for indicators of compromise and infection, while simultaneously remembering the infections you have already expelled," she added.

[Also: Healthcare execs pour money into cybersecurity after rampant breaches]

And to reduce physical theft of data – another threat plaguing healthcare security – the industry needs to employ heavy segmentation and virtualization to eliminate this risk, according to Kidd: "Once your data leaves your premises, you've already lost control of it."

Ponemon Institute surveyed 1,784 information security leaders from 19 countries for its report.

This article first appeared in Healthcare IT News.

Twitter: @JessiefDavis

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.