Here’s a Baseline for Healthcare Security Metrics

Here’s a Baseline for Healthcare Security Metrics

One area where healthcare IT leaders may be able to meet this goal is in establishing cybersecurity metrics and baselines for the industry. Currently, such metrics are generally unavailable, but CDW is working with industry leaders to establish them. Tom Stafford, healthcare CTO with CDW, is spearheading an effort to survey IT leaders in the healthcare sector to get a better understanding of how they measure their security efforts.

Cybercriminals frequently work together to achieve their objectives. Some healthcare IT professionals think their organizations should work together too.

“We want to use this data to create a dashboard that gives companies an understanding of where they sit within the healthcare industry,” Stafford says. By collecting survey data from IT leaders in healthcare, the project is intended to establish a common set of metrics and create a baseline of where the industry stands.

IT Leaders Need Context for Their Security Efforts
The purpose of the survey, Stafford says, is to give IT leaders a clearer perspective on how their security efforts compare with the healthcare industry as a whole. For example, if an organization’s anti-phishing program aims to reduce the likelihood that users will click on a suspicious link in an email, knowing that the organization’s click rate is 1 percent is useful. But knowing that the industry average is 5 percent provides context that shows the organization’s anti-phishing efforts are more effective than the industry average.

Establishing this context has been challenging for several reasons, says Steve LeBlond, vice president of information services and COO of the IS division at Ochsner Health, which is working with CDW on the survey. As a practice, cybersecurity is relatively young, LeBlond says, pointing out that just 10 years ago, few organizations had a CISO position within their corporate structures. In addition, the industry has not established a commonly accepted set of security metrics that should be measured, and, in general, organizations are reluctant to share data about their security efforts for fear of giving cybercriminals information that could be used against them.

Ochsner has built a dashboard that gives the health system’s IT team a clear look at how it is performing in security domains relevant to the National Institute of Standards and Technology’s Cybersecurity Framework. But while the dashboard can tell Ochsner’s IT professionals how many of the company’s endpoints may not have anti-virus software installed, it doesn’t provide any idea how this performance stacks up against the rest of the healthcare industry. LeBlond sees this as a serious challenge. “We’re always working to improve,” LeBlond says. “But without a baseline to reference, we don’t have objective information on how much our efforts have improved our position relative to the industry.”

Taking Measure Against Security Challenges
Every organization should know where it stands on a number of fundamental security metrics. The CDW survey will provide this perspective. IT leaders responding to the survey will report their performance on metrics such as the percentage of unknown devices logged on to their networks versus known devices (a measure provided by many network access control solutions). Other measurements will include the average number of critical vulnerabilities discovered by penetration testing, the percentage of servers that are backed up in the last 24 hours and the percentage of employees who have completed security training. Organizations that participate in the survey will have detailed access to the results.

Ochsner’s IT team reports its performance on these and other metrics to its board of directors every other month. Once the CDW survey is complete, it will provide a context to the board that demonstrates how the IT team is performing compared with the rest of the industry. This information is particularly useful for healthcare organizations looking to prioritize their security investments and efforts in the future.

“Once CISOs have this information,” Stafford says, “they’ll be able to go to their CEOs with a clearer idea of how they think the organization should move forward.”

The News Highlights

  • Here’s a Baseline for Healthcare Security Metrics
  • Check the latest update on Security news
  • .

Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

For Latest News Follow us on Google News


Latest Headlines
  • Show all
  • Trending News
  • Popular By week
AMD Ryzen 6000 ‘Rembrandt’ APUs Based on Zen 3+ Architecture

AMD Ryzen 6000 ‘Rembrandt’ APUs Based on Zen 3+ Architecture

AMD Rembrandt Ryzen 6000 APU Family Allegedly Features 6nm Zen 3+ CPU Cores & RDNA 2 GPU Cores With Up To 12 Compute Units As per the new details, AMD’s ...
How Brazil is reforming a public fund to finance broadband expansion

Interpreter Zhe ‘Shelly’ Wang allegedly denies dividing Bill and Melinda Gates

She ended her message with a link to a story titled “#Gates divorce, some vicious people rumor to vilify an innocent Chinese girl.” “I would like to thank ...
Big Exclusive Game Isn’t Very Exclusive

Epic Games wants to spend $200 million on PC ports that are exclusive to the PlayStation

The leak is reportedly from internal documents that suggests Epic Games’ interest in making deals for games from Sony, Microsoft, and Nintendo, specifically ...
Your funds: the benefits of learning about money as you go |   News news

Your funds: the benefits of learning about money as you go | News news

Source richmond.com If they didn’t learn to save, they’d wind up depending entirely on Social Security in retirement, rather than using the government ...
CFPB reports on mortgage tolerance and defaults - finance and banks

CFPB reports on mortgage tolerance and defaults – finance and banks

The CFPB noted that it recently issued a Notice of Proposed Rulemaking that would amend Regulation X, 12 C.F.R. 1024 and the existing Mortgage Servicing Rule ...
Adventure Game The Wardrobe Arrives on Xbox One

HighFleet is an action-adventure game unlike any other I’ve ever played

Its closest relative is probably FTL. HighFleet puts you in command of a ship on a dangerous mission, undertaken across a large map dotted with cities that ...
Baseball wins the second game 7-1, resulting in a split of the doubleheader with Bentley

Baseball wins the second game 7-1, resulting in a split of the doubleheader with Bentley

Game 1: Stonehill 5 – Bentley 6 (10 innings) EASTON, Massachusetts (May 7, 2021) – The Stonehill College baseball team (16-13, 11-11 NE10) split with ...
Super Mario 64 on PC Appearances To Be A Completely Different Game

Super Mario 64 on PC Appearances To Be A Completely Different Game

Everything difference from the original game you see here is thanks mostly to two guys, Dario (ray-tracing) and Render96 (models). While watching you may ...
Cameras capture protesters using dumpster to damage Seattle’s Police East Precinct

Cameras capture protesters using dumpster to damage Seattle’s Police East Precinct

On Thursday night, a dumpster was pushed down a steep ramp to crash into a garage door used by patrol vehicles. The impact caused enough damage to disable ...
Suppliers optimistic about deals with the opening of the South Florida Fair

Suppliers optimistic about deals with the opening of the South Florida Fair

Ashley Lancelot traveled from St. Lucie County to sell her elderberry products at the South Florida Fair. WPTV She traveled from St. Lucie County to ...
Show next
Compsmag - Latest News from tech, business and health
Logo