Prioritizing Risk Management Activities to Protect Patient Data
Ransomware and other cyberattacks on healthcare organizations made for a challenging 2021, and they won’t let up in 2022. Add in risks related to the Internet of Medical Things, cloud computing and interconnected data systems, and IT leaders have a full plate to manage, says Greg Peebles, director of information security at St. Elizabeth Healthcare.
To help IT staff prioritize risk management, St. Elizabeth relies on Tenable.sc. The platform provides a risk-based view of vulnerabilities, together with automated scanning and reporting, which makes it easier to identify and correct potential problems.
“We want to scan our entire environment, regardless of what’s added from a technology perspective,” Peebles says.
Medical devices can be especially complex, with unique operating systems and patient privacy concerns. Tenable’s active and passive scanning modes, and the ability to identify risky devices such as those that are outdated, help to alleviate those issues.
Better visibility also allows for more granular reporting and trend analyses, Peebles adds. With a system that spans six facilities and some 170 offices in Kentucky, Indiana and Ohio, the ability to customize reporting for various audiences was important for St. Elizabeth’s IT department.
RELATED: Find out how SASE offers a simpler approach to facilitating security and management.
“When I started here, we focused on creating metrics and measurement for our vulnerability management, which is really where Tenable fits,” Peebles says.
With potentially thousands of vulnerabilities each month, the ability to prioritize and track remediation over time is crucial. “The goal was to have catching processes in place, and then you use tools like Tenable to track and see how you’re doing,” he says.
Automation helps IT staff stay on top of that volume, such as with patching tools that automatically scan and send monthly reports.
“There are still some vulnerabilities that we have to understand manually, but when it comes to the patching cycle, the scanning and communication, we’ve tried to automate that, to take the effort out of repeatable processes,” Peebles says.
As cyberattacks grow in sophistication, he sees an opportunity for healthcare organizations to increase their collaboration. Partnership efforts, such as security operations centers, could help providers share intelligence and optimize their infrastructure.
“How can we take more coordinated efforts to stop the bad actors that are actively launching phishing campaigns and trying to break into hospitals?” Peebles says. “I look at the smaller hospitals that may not even have dedicated security teams. How can we, as an industry, help them and help each other?”
Click the banner below to dig deeper into security and incident response with planning guidance from CDW.
Source: https://healthtechmagazine.net/article/2021/12/3-health-tech-trends-watch-2022
