Cyber Resilient Digital Health: Asking the Right Questions
Most healthcare boards and executives are comfortable addressing the questions, “Is my enterprise secure?” and “Am I compliant?” Network defenders are accustomed to providing the information needed to answer those questions, as cybersecurity is a technical discussion.
But Cyber Resilient Digital Health is about creating and maintaining cyber resiliency across the enterprise. The question becomes: how long can the workforce and business processes remain offline in the event of a cyber incident? That’s a business conversation.
Cyber resiliency means going beyond technical analyses to determine true maturity. Network defenders and executive leadership must adapt to asking questions that truly gauge the enterprise posture: “Are our security program operations effective and efficient?”
This is a more nuanced question than “Am I compliant?” or “Am I secure?” This stance goes beyond assessing whether the enterprise security program keeps out threat actors, or prevents the spread of malware, or whether specific policies are enforced.
Understanding and addressing the efficiency and effectiveness of a security program confirms whether that program is appropriate for the current state of risks the organization is likely to encounter. That judgment depends on the type of business, its location, mission, risk tolerances, workforce culture, and other factors, some of which are highly specific to the organization.
To answer this question, network defenders must scrutinize the current processes and mechanisms meant to support security goals to determine whether they are indeed mature and can be efficiently sustained over time. The analysis needs to go beyond bad-actor concerns to consider employee attrition, reductions in budget, or emergency situations – including cyber events.
Healthcare entities must confirm the cyber resiliency of their security systems, controls, and countermeasures, as well as whether resources are optimized and appropriately prioritized. Cyber practitioners — and by virtue of Digital Health, the healthcare organizations they serve — face ever-changing challenges:
- Risk Management and Governance
- Ordinary Care and Neglect
- Operational Efficacy and Efficiency
- Prioritization
- Security operations
- Enhancing Ability
- Skill sets and training
- Budget—responsibility and accountability
For more information about Cyber Resilient Digital Health Practices, read the white paper “Cyber Resilient Digital Health: It’s Not Just About Security Anymore. How Do You Sustain the Management of Risk?” by David Finn, First Health Advisory’s EVP of Governance, Risk, and Compliance!