HITRUST: Taking a Preventive Care Approach to Healthcare Cybersecurity
November 30th, 2017
Highly regulated industries have always led the way for best practices in accounting, information technology and cyber security, with laws and regulations mandating certain procedures to be followed. While differences may exist in quality and type of care, the business part of the healthcare industry has slowly seen conformity due to regulations. This affects all types of healthcare – from hospitals to family practitioners. All data must be secured, transmitted using specific protocols, and insurance forms completed in a specific manner. Regulations such as HIPAA and HITECH ensure this, however there is still work to do.
Download “Mapping BeyondTrust Solutions to HITRUST Requirements“, and start your path to better cybersecurity health.
How Improvements Can be Made to Better Protect Healthcare Information
For the healthcare industry, information technology needs to learn from the best practices in medicine and adopt preventive care. Information technology should perform regular tests, screening, assessments, and other security best practices to ensure all applications are up to date, properly patched for vulnerabilities, and not misconfigured. Our recommended approach includes:
- Discovery – identifying all systems, applications and devices, and assigning risk priorities to them
- Segmentation – isolating high risk systems, applications, and devices on separate networks and limiting access and communications to prevent a hack
- Remediation – when available, applying updates, configurations, and other changes to mitigate the risk
- Reporting – providing reports to technical teams and executives to quantify the risk and exposure
If healthcare can think along the same mindset using standards like HITRUST to protect information, then sensitive patient information can be protected much better because the risks can be identified early and treated; just like diagnosing a person.
Mapping Privileged Access Management and Vulnerability Management into the HITRUST Framework
BeyondTrust has taken the step to map its privileged access management and vulnerability management solutions – which are fundamental technologies in achieving a secure state – into the HITRUST framework. This mapping will help you understand not just how to achieve compliance to the control objectives, but also demonstrate that you can achieve cost savings by using these same solutions to achieve compliance, security and operational objectives.
I encourage you to download the technical brief today, and start your path to better cybersecurity health.