Best Practices for the Health Care Industry
According to Gregory A. Garrett, BDO’s Head of U.S. and International Cybersecurity, the following cybersecurity best practices have been gathered from the education, training, and consulting services that BDO has delivered in the past year, in partnership with the American Hospital Association (AHA), to the senior executives of over 5,000 U.S. hospitals nationwide:
• Understand that U.S. hospitals and health systems are high-value targets for cyberattacks; thus, cyber education and training programs are a must.
• Gather threat intelligence in order to understand the threat landscape to help your organization prepare in advance of a cyber data breach.
• Hire an independent firm to conduct email attack threat assessments, network attack threat assessments, vulnerability assessments, and penetration testing on your information system in order to obtain an accurate picture of your organization’s real information security posture.
• Realize that cyber threats are always changing, evolving, and growing in sophistication, so it is vital to have an effective Business Continuity Plan (BCP) and Disaster Recovery (DR) plan.
• Ensure your organization has an active monitoring, detection, and incident response capability to rapidly identify cyber intrusions and quickly contain and eradicate malicious software.
• Inform senior leadership and governing board members with relevant but not overly complex cyber threat statistics so they can make better business decisions regarding cybersecurity investments.