網絡安全與技術：了解威脅和合規性.pdf

1、 Iron Bow Healthcare Solutions.All rights reserved.Cybersecurity and Telehealth:Understanding Threatsand CompliancePresented By:Tom WoottonCybersecurity Advisory Services Lead,Iron Bow Technologies Iron Bow ProprietaryIron Bow ProprietaryIron Bow ProprietaryIron Bow ProprietaryIron Bow ProprietaryIr

2、on Bow ProprietaryIron Bow ProprietaryCybersecurity IN HealthcareIron Bow ProprietaryCommon Misconceptions If there is an accessibility or availability issue,IT will fix it.If there is a cyber event that impacts the organization or institution,IT will correct it.If a regulatory violation occurs and

3、is discovered in an audit or assessment,IT takes the blame and is responsible for remediation.IT and Cyber are the same thing.Iron Bow Proprietary If there is a patient with a sore joint,who does that patient see?A surgeon?A cardiologist?A pediatrician?Thinking the IT department/individual is the sa

4、me as a Cyber department/individual is akin to saying a patient can see any healthcare professional regardless of ailment for proper treatment.IT and Cyber are not the same thing and should not be addressed or treated the same way.To put it another wayIron Bow ProprietaryHealth-ISAC analyzed cyberse

5、curity breach-related data from mid-2023 over the past 13 years posted by the U.S.Government:Recent(1 year)Statistics5,558Events438MBreached PHI Records3,349Incidents Were reported Over the First 10 years of reporting2,209Incidents were Reported Over Past 3 YearsThe above averages to over 86,000 PHI

6、 records being exposed every day over the past 13 years.Iron Bow Proprietary Some compliance with industry regulation(HIPAA)Some cybersecurity management in large conglomerates General understanding that cybersecurity postures can always be improvedWhat IS PresentIron Bow Proprietary Adequate cybers

7、ecurity attention and coverage in smaller and more rural healthcare institutions Adequate cybersecurity budgets and cybersecurity training for ALL employees/staff Attention on and mitigation of the overuse and over-reliance on unstable technologies Proper risk management of the healthcare institutio

8、n versus compliance-focus The understanding that cybersecurity can no longer be an afterthought.It MUST be part of all decision-making within the institution as human lives are at stakeWhat IS NOT PresentIron Bow Proprietary Organizational connection security concerns Connection security and stabili

9、ty concerns Data sharing security concerns Understanding threats that affect Telehealth platforms as well as healthcare institutions Social-engineering vulnerabilitiesWhat Does This Mean for Telehealth?Iron Bow Proprietary Does the organization have any security on the devices they use to connect wi

10、th patients?Will the connection be constant without interruption?If files are shared during the session,who else has access to them(if anyone)?What else is out there that one should be concerned about that could have a negative impact on Telehealth or healthcare in general?Is there someone connected

11、 that is trying to trick the organization into divulging information?What(Simplified)?Iron Bow ProprietaryCybersecurity AND HealthcareIron Bow ProprietaryWhat Can Be Done?Training and awareness for employeesAsk questions,collaborate,and communicateMake cybersecurity part of the daily routineBe trans

12、parent across the organizationCheck and double-check security settings/configurations PRIOR to connecting with patientsIron Bow ProprietaryWhat Can Be Done?Look at cybersecurity training and awareness as actual learning exercises,not as a yearly check-the-box compliance item that has the approach of“click,click,next,Finish”.The more you apply cybersecurity knowledge to your everyday routines,the more secure the organization will become as a whole.Questions?Iron Bow Healthcare Solutions.All rights reserved.Thank You!Visit the Iron Bow Booth&Find us at the Networking Reception!