Shawn Tuma: Cybersecurity – The Ultimate Battle

April 18, 2024




Article Summary

TLDR:

Key Points:

  • Shawn Tuma, a cybersecurity expert, discusses common causes of health care data breaches and how to mitigate risks.
  • Cybersecurity is an ongoing process and should be treated as warfare, requiring constant vigilance and risk assessment.

Article Summary:

Shawn Tuma, JD, CIPP/US, partner at Spencer Fane LLP, discusses cybersecurity in the healthcare sector during the 2024 Community Oncology Conference. He highlights the three main types of cyberattacks organizations face: attacks on the organization itself, on downstream organizations, and on the supply chain. Tuma emphasizes the importance of properly preparing for breaches and addressing common vulnerabilities.

One key point Tuma stresses is the need for organizations to separate their IT and security functions, as they require different skill sets and expertise. He identifies common failures that contribute to data breaches, such as enabling Remote Desktop Protocol (RDP), inadequate backups, lack of multifactor authentication, and insufficient user training.

Tuma makes a crucial point that cybersecurity cannot be entirely fixed but should be approached as an ongoing battle against evolving threats. He underscores the importance of conducting regular risk assessments, following recognized security practices, and staying updated on cybersecurity best practices.

Furthermore, Tuma highlights the US Department of Health and Human Services Office for Civil Rights' focus on risk assessment and on the adoption of recognized security practices in healthcare organizations. He suggests referencing HHS 405(d) as a valuable resource for enhancing cybersecurity measures.

In conclusion, Tuma’s insights shed light on the complex nature of cybersecurity in healthcare and the necessity for organizations to adopt a proactive and continuous approach to mitigate risks and protect sensitive data.

