Security: You can’t just check the boxes
Organizations rely on safety nets to protect their bottom line from a catastrophic event. The healthcare industry is no different. Security breaches are becoming more rampant and, due to government regulations, expensive to address in their aftermath. To protect themselves, organizations are taking out liability insurance policies to help defer the costs when a data breach occurs.
The policy and associated premium are based on questionnaires or self-assessments completed by the covered organization. What happens if you inadvertently or willfully misrepresent your security posture? Take a look at this story at Healthcare IT News. Don’t think it can happen to you? Think again. Insurance companies make money by not having to pay claims. You better have your ducks in a row.
Rather than just checking the boxes on the form, develop a comprehensive security plan that is properly supported with policies, procedures, and monitoring. It doesn’t take a room full of FTEs to do this effectively. Careful adherence to your plan and strategically employing various technologies and automation, will not only help protect your organization against the bad guys, but will also ensure you are in compliance with your insurance obligations.
Don’t be naive about your security posture. You are under constant attack. Go out and get help from a third party (like us!) if you cannot do it yourself.