5 tips radiology practices must consider to combat cybersecurity threats
Cyberattacks are becoming commonplace among large organizations. But hackers are also turning their efforts toward healthcare organizations big and small, and radiology departments must take notice.
Imaging and IT experts shared strategies for shoring up vulnerabilities June 17 in the Journal of the American College of Radiology. Healthcare lags other industries in funding cybersecurity programs, and successful attacks can inflict negative clinical, monetary, regulatory and public perception fallout for practices.
“Although it takes time and dedication, building a solid security practice not only greatly reduces risk to the organization but will also build the confidence of current and future customers who are trusting your organization to protect their valuable data,” Andrew Moriarty, vice president of Clinical Operations and Quality Committee chair at Advanced Radiology Services in Grand Rapids, Michigan, and a co-author wrote Thursday.
Moriarty and Rich Wunsch, director of IT Infrastructure at Strategic Administrative and Reimbursement Services, a subsidiary of Advanced Radiology, shared five solutions for practices to consider.
1. Organizational support: Successful cybersecurity programs have backing from senior leadership. Executives must work with IT teams on a security plan aligned with their overall business strategy and expectations. Ensuring practices have proper policies in place and secure protocols that employees follow are essential, the authors noted.
2. Basic deterrents: Most attackers are opportunistic, looking for easily exploitable targets. Pentagon-level security isn’t necessary for most organizations as basic measures can prevent a majority of attacks.
3. Utilize existing resources: Security service providers can tailor organizational programs without adding staff, which can save smaller institutions labor and IT costs. Published frameworks, such as those from the National Institute of Standards and Technology, walk organizations through necessary controls and other steps for success.
4. Simplicity first: Starting with basic protocols can keep cybersecurity programs running smoothly. Consider implementing password policies, multifactor authentication, training, email protection, patching, and data backups, among other solutions.
5. Advanced controls: This will require added time and money but offer competitive advantages and added data protection, the authors explained. These solutions include internal or outsourced continuous network monitoring, vendor security audits, end-to-end data encryption, comprehensive cyber insurance, and vulnerability scanning, among many other add-ons.
Read more from the authors here.