Key Takeaways

• 57% of healthcare leaders plan to enhance cybersecurity tools, while 47% aim to update policies.
• Keynote speaker Paul Nakasone emphasized the need for collaboration and talent development in healthcare cybersecurity at HIMSS.
• Healthcare organizations must adopt a risk-based approach and prioritize third-party risk management to bolster cybersecurity.

Healthcare Cybersecurity Initiatives for 2025

Cybersecurity has emerged as a top priority for healthcare organizations, with many planning to increase their cybersecurity budgets in 2024. According to the HIMSS Healthcare Cybersecurity Survey, 57% of healthcare leaders are focused on enhancing cybersecurity tools, while 47% intend to revise their policies, and 34% plan to improve both and strengthen their staffing.

Elevating the focus on cybersecurity at major industry events like ViVE and HIMSS underscores its urgency. Notably, former NSA Director Paul Nakasone addressed the importance of ongoing talent development and the necessity for partnerships to advance healthcare cybersecurity during a keynote at HIMSS.

As healthcare organizations prepare for 2025, many have specific targets regarding cyber insurance coverage, particularly in the realm of identity and access management. The absence of multifactor authentication (MFA) was a critical factor in last year’s cyber incident involving Change Healthcare. Publicized lessons reveal that improperly configured MFA may result in further vulnerabilities. It is essential that organizations do not implement MFA merely to satisfy compliance or insurance requirements; instead, they should tailor their cybersecurity strategies according to their unique needs.

Moreover, the sector anticipates increasing demands for auditing and monitoring to better understand and mitigate organizational risk. As many healthcare entities start to gauge their risk appetite, the concept of a risk-based approach is becoming vital. Organizations must evaluate how long they could sustain operations without access to vital systems such as electronic health records or communication platforms critical for patient care.

A significant element of bolstering healthcare cybersecurity is managing third-party risks. Many providers gained insights into their vulnerabilities after past cyber events. For instance, Baptist Health in Jacksonville, Florida, reported unanticipated ties to Change Healthcare, despite not using the platform for revenue cycle management. Vice President and CISO James Case revealed that outdated contracts linked to Change Healthcare post-acquisition underscored broader implications for the healthcare sector.

Ultimately, addressing cybersecurity in healthcare must be regarded as a collective effort. Individual organizations cannot tackle security challenges in isolation; collaboration within the sector is essential to enhance strategies aimed at protecting patient data. Adopting a unified approach will not only fortify defenses but also foster resilience against future threats.

The content above is a summary. For more details, see the source article.