Regardless of where your company plays in the healthcare industry or your particular role within an organization, cybersecurity in healthcare is of utmost importance and should be a top responsibility for all members of any organization. Below, we share three tips that we implement here at OMNY, but also recommend for any organization in the healthcare industry.
Tip #1: CIA Triangle
The first is the CIA Triangle, a set of guiding principles that help ensure data security. CIA stands for Confidentiality, Integrity, and Availability.
1.) Confidentiality is the principle that objects are not disclosed to unauthorized subjects.
2.) Integrity is the principle that objects retain their veracity and are intentionally modified only by authorized subjects.
3.) Availability is the principle that authorized subjects are granted timely and uninterrupted access to objects.
For more details, check out this video:
Tip #2: Compliance and Certification
Generally, compliance means adhering to a rule such as a policy, standard, specification, or law. Certification means that your system has been certified to be in conformance (compliance) with all the requirements of a selected standard. A certification is done in five major steps:
1.) Select an industry-standard framework.
2.) Work with a trusted third-party auditor.
3.) Conduct a security gap analysis and remediate gaps.
4.) Undergo the audit and achieve certification.
5.) Maintain certification.
For more information, check out this video:
Tip #3: Maintaining Certification
As you may have guessed, obtaining certification is only the beginning of an ongoing process to maintain that certification. Here are four efforts that your company should implement to maintain a solid security posture at all times:
1.) Make it a company effort.
2.) Automate evidence collection.
3.) Maintain awareness and alert levels.
4.) Set regular security checkpoints.
For more information, check out this video:
We recently implemented all three of these tips with our SOC 2 certification. We found that these three tips were great guidance and hope you can implement some of these to protect your organization as well.
About the Author:
Dr. Maik Lindner is OMNY’s Chief Information Security Officer (CISO). As CISO, he is responsible for the strategic direction and alignment of the Information Security Program. Dr. Lindner has over 25 years of Information Systems experience in multiple industries and currently holds the ISC2 certification CISSP (Certified Information Systems Security Professional). Prior to OMNY, he held various positions at Dell and SAP.