Key Insights From the Department of Health and Human Services IT Strategic Plan
The healthcare industry is often uniquely at risk to cyber threats for a few reasons: the amount of personal data and information within a network, the great need for that information to be available quickly and consistently (to doctors, nurses, etc.), and the growing number of cyber threats. But, with all of that known, most modern healthcare organizations have been taking huge steps in the realm of
cyber threat intelligence and data safekeeping. The US Department of Health and Human Services consistently updates a landmark document entitled the
Information Technology Strategic Plan, which can be read online. In the most recent revision of this strategic document, the HHS highlighted critical components for the healthcare industry, both technical and collaborative, to better improve cybersecurity capabilities.
The document puts a focus on these five vital concepts in particular:
1. Cybersecurity and privacy: A general and broad theme meant to consistently cover all of the strategic bases.
2. IT workforce: Highlighting the need for dedicated professionals.
3. Shared services: Having the ability for multiple parts of the organization to take part in the cybersecurity process.
4. Interoperability and usability: Information needs to flow easily and in a translatable fashion to all sectors of an organization's software/hardware systems.
5. IT management: A deep understanding of policy and principle.
The CIO of the HHS, Anne Killoran, succinctly summed up how the HHS uses protocol in the cybersecurity of her own department, and the words ring true for other organizations in the healthcare industry: "HHS employs a robust risk management approach through improved asset management, robust threat and vulnerability analysis and established response and recovery plans and procedures," she wrote in the cover letter for the recent report. "This allows HHS to maintain its security posture, considering the integrated operations of HHS, consistent with its mission and business needs."
The department went on to highlight the need for risk management in threat prioritization. The HHS pointed out the importance of a focus on collaboration amongst the business community to communicate threats that may affect similar organizations. Knowledge needs to flow freely in order for
cyber threat intelligence to have its intended security impact. By using readily available research and guidance, such as the Information Technology Strategic Plan, companies can mimic some of the procedures to their benefit.
Contact NC4 for more information on our services, and keep up with
our blog for the latest in cybersecurity.
Back to Security Risks & Intelligence | Back to All Categories