Phishing, ransomware, hacking, and malware are cyber threats to PHI and other sensitive data that must be addressed. However, many healthcare organizations have limited resources to address these new and evolving threats while still maintaining regulatory compliance. Achieving “best practices” may not be a realistic goal. This session shares research along with the personal experience of the speaker, a recognized healthcare expert, and will explain the security safeguards and controls used across the vast spectrum of healthcare organizations to define the core prevailing practices based upon organizational size and complexity, from small clinical practices and critical access hospitals, through large health systems, to the complex environment of academic medical centers. Healthcare organizations are investing more in security. Therefore, it is critically important that the investments made to reduce the risks from cyber threats are spent wisely.
Compare how critical access hospitals, mid-sized hospitals, large healthcare systems, and academic medical centers have defined “prevailing practices” for information security and compliance
Explain the common tools, processes, and talent levels that are being used
Categorize the security practices using the NIST Cybersecurity Framework (CSF): Identify, Protect, Detect, Respond, and Recover
Recognize the top tactics used to defend against leading cyber threats: hacking, malware, phishing, and ransomware