Benjamin Franklin was not likely talking about cybersecurity in the 21st century when he said, “If you fail to plan, you are planning to fail.” However, he did describe the state of healthcare around confidentiality, integrity and availability in 2018.
At this point, everyone in healthcare — from the registration desk to the Board of Directors — has seen the litany of reports and stories of security and privacy incidents ranging from an EMR outage to a ransomware attack. Everyone has seen the impacts, too, from disruption of clinical services to lost revenue, loss of trust, and damage to brand reputation. Finally, leaders at healthcare organizations, from physician practices to large multi-hospital systems, are starting to ask questions about how to deal with attacks or other cyber incidents.
Unfortunately, those questions may not help to ultimately solve the problem. Typically, the questions they ask are, “How do we protect ourselves and comply with all the regulations, and how do we keep from being the next headline?” The question they should be asking is, “How can we make good, rational decisions — both from a business and a clinical perspective given the risks we face?” Asking the wrong question will always result in getting the wrong answer.