The Onakee Group

Cyber Policy | National Institute of Standards and Technology


Organizations that have already aligned their security programs to either the NIST Cybersecurity Framework or the HIPAA Security Rule may find this crosswalk helpful in identifying potential gaps in their programs. Taking specific action to address these gaps can bolster compliance with the Security Rule and improve an entity’s ability to secure ePHI from a broad range of threats. The HIPAA Security Rule is designed to be flexible, scalable, and technology-neutral, which enables it to accommodate integration with more detailed frameworks such as the NIST Cybersecurity Framework. Although the Security Rule does not require use of the NIST Cybersecurity Framework, and use of the Framework does not guarantee HIPAA compliance, the crosswalk provides an informative tool for entities to use to help them more comprehensively manage security risks in their environments.

For capacity planning, regulatory planning, and auditing, we use modeling tools to project the impact of new policies and employee behavior. These capacity planning tools help infrastructure and Board governance teams create, anticipate and balance.

01

Preparing For Healthcare Cybersecurity Threats

Hackers will continue to go after networks, systems, and applications that have been misconfigured or are not maintained properly. Good cyber hygiene will become a common phrase to describe how organizations should approach managing the integrity of the enterprise. Organizations can be expected to look to improve their vulnerability management, increase the frequency of technical testing, add penetration testing, address long-overlooked weaknesses in network segmentation, and replace or refresh end-of-life platforms.

02

Medical Professional: Staff Training

Successful organizations will be defined not by whether they have or haven’t had a cyber event, but rather by how well they manage the enterprise, are able to detect attackers, efficiently respond to events, and restore operations with minimal compromise or loss of IT assets and disruption.

03

American Hospital Association | Cybersecurity

Hospitals can prepare for and manage such risks by treating cybersecurity not as a novel issue but as part of the hospital’s existing governance, risk management and business continuity framework. Hospitals also will want to ensure that the approach they adopt remains flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged.
