Cybersecurity for Healthcare
Cybersecurity in healthcare is crucial to safeguard the integrity of medical systems, avoiding clinical disruption potentially resulting in patient harm.
Hospital breaches are increasing in frequency and scale at an alarming rate
Cyberattacks involved over 40M individual patient records in the first half of 2023
1
1
Attacks are up 104% from the second half of 2022 to the first half of 2023
1
2
57% of healthcare providers reported negative patient outcomes due to cyberattacks
The problem is complex and focuses on three primary areas
Hospital Personnel
through phishing, ransomware and other human-centered means
System Vulnerabilities
hospital infrastructure and security operations deficiencies
Resiliency Challenges
HIPAA, HHS 405(d)/HICP, and other patient-centric goals and challenges
WE HELP YOU NAVIGATE THE COMPLEXITIES OF PERSONNEL MANAGEMENT, SECURITY OPERATIONS AND RESILIENCY
We will build a robust security framework across these eight critical areas - safeguarding both patient data and the integrity of healthcare delivery.
Managing Risk
Developing a risk profile that best supports both clinical and non-clinical operations
Policy Creation
Authoring internal and external policies and SOPs guided by HIPAA and HPH-CPGs
Implementing Safeguards
Establishing security controls for infrastructure guided by HICP and in support of patient safety
Vendor Management
Executing supplier assessments & building SLAs for both cloud and medical devices
Measuring Effectiveness
Performing gap analysis against common hospital security control frameworks
Incident Response Planning
Identifying, mitigating, communicating, and reporting EMR and other system breaches
Staff Security Training
Developing clinical and admin employee awareness training and evaluation programs
Cyber Governance
Reporting to hospital technical and operational executives and boards & trustees
OUR PROCESS
1. Assessment
In this initial phase, Security Counsel will conduct research, evaluate current systems and processes and create a strategy framework to guide the execution of subsequent phases.
2. Buildout
In Phase 2, we will create the foundation of the security program and implement new SOPs. We will iteratively assess, refine, and report on the security plan until it is running smoothly and is self-sustaining.
3. Transition
Finally, we will transition the program to your organization by helping you hire and train your security team and provide ongoing mentoring & on-call support as needed.
FROM THE LEADERSHIP
"We understand the biggest security challenges plaguing healthcare today. We can create and support a security program that solves your most urgent problems in order to prevent healthcare delivery interruption and to support compliance."
Matt DeChant
CEO, vCISO
Security Counsel can help you interpret and implement the new HPH-CPG guidelines - we have provided a summary document for review.
The full document: Healthcare Sector Cybersecurity – Introduction to the strategy of the U.S. Department of Health and Human Services
Statistical Sources:
1. Richard Payerchin – Computer attacks in health care are booming so far in 2023 – Medical Economics – August 9, 2023
2. Brian Foy – The Outlook for Healthcare Cybersecurity in 2023 – Security – January 6, 2023