14 February 2019

Taking Stock Of Your 2019 Cybersecurity Resolutions

Stites & Harbison PLLC


A full-service law firm representing clients across the United States and internationally, Stites & Harbison, PLLC is known as a preeminent firm managing sophisticated transactions, challenging litigation and complex regulatory matters on a daily basis. The firm represents a broad spectrum of clients including multinational corporations, financial institutions, pharmaceutical companies, health care organizations, private companies, nonprofit organizations, and individuals. Stites & Harbison has 10 offices across five states.

Did you decide that 2019 will be the year you tackle those cybersecurity threats to your organization that keep you up at night? It's February, and a good time to take stock of whether your organization is following through on its cybersecurity goals. Some estimate that 80% of resolutions fail by the second week of February. Looking at the calendar, the odds may be against you. But do not despair. New guidance may be the answer to tackling the daunting task of identifying risks to your organization and developing strategies to mitigate them—particularly if you are among the many operating in the health care field.

The Department of Health and Human Services (HHS), in partnership with industry leaders, recently released voluntary cybersecurity guidance aimed at offering practical strategies to cost-effectively reduce the risks associated with specific, common cybersecurity threats. Ransomware? Email phishing? Attacks against connected medical devices? Not surprisingly, those are among the topics covered.

Recognizing that health care organizations of varying sizes are susceptible to different cybersecurity threats and possess different resources to combat them, the guidance has one volume specifically tailored to fit the needs of small health care organizations, and one volume directed to medium and large organizations. The guidelines also contain a number of resources and templates, including a "Practices Assessment, Roadmaps, and Toolkit," to help health care organizations implement improved cybersecurity practices. And, although it is directed to the health care field, this practical guidance may be applicable to common threats in other industries as well.

HHS recognizes that the health care industry relies on "the digitization of data and automation of processes to maintain and share patient information" in order to deliver patient care efficiently and effectively. That reliance on technology leaves health care organizations exposed to potentially high-impact cybersecurity attacks on their computer systems and the protected health information (PHI) they house. Cybersecurity incidents not only place sensitive information at risk, they also have the potential to affect patient care, disrupt operations, and threaten patient safety. Failing to address cybersecurity can be costly, both in terms of an organization's bottom line and the reputational damage that may follow a breach. HHS estimates that data breaches cost the United States health care system $6.2 billion in 2016 alone.

So, even if it wasn't among your resolutions this year, there is never a bad time to start assessing and improving your health care organization's cybersecurity defenses.

The new HHS cybersecurity guidelines are available here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
