In response to the increase in cyberthreats, healthcare organizations have quite rightly focused on their cyber defenses: hardening their endpoints (e.g., laptops, mobile devices, and web applications); strengthening their network access credentials (by introducing two-factor authentication, requiring more frequent password updates, and removing outdated or expired credentials); and more actively and closely scrutinizing the security posture of third parties (such as vendors, contractors, and other partners).
Yet, as important as these cybersecurity-focused efforts are, the reality is that no organization can prevent all breaches; no matter how much time or money is applied to cybersecurity, there will inevitably be breaches. Regrettably, when it comes to being a victim of a cyberattack, it is a matter of when, not if.
This somber reality means that healthcare organizations, to better address the heightened levels of risk in our new normal, need to complement their cybersecurity-focused efforts with information governance (IG) efforts to help them better manage the information (sensitive or otherwise) behind their firewall. When done properly, IG will help ensure that when the next breach happens—which it will—the attackers will find less sensitive information to compromise, and the organization affected will have better (and more rapid) visibility into what information was in fact compromised.
© Copyright 2021. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals.
Ankura is not a law firm and cannot provide legal advice.