Staying ahead of cybersecurity risks

By Margaret Dahl

Hospitals and health systems are under attack from new forms of viruses every day.

But some of these viruses don’t attack the human body. As recent news reports have highlighted, hospitals and health systems are now prime targets for malicious malware viruses that seek to infiltrate hospitals’ computer networks.

Cyber vulnerabilities and intrusions pose particular risks for hospitals, with the potential to affect all networked technology — from clinical to financial to administrative systems — and to disrupt operations. These intruders also could potentially pose a risk to patient safety by affecting connected devices, including medical equipment.

Cybersecurity is more than just an information technology issue. Hospitals can prepare for and manage computer risks not by viewing cybersecurity as out of the norm but, rather, by making it part of the hospital’s existing governance, risk management and business continuity framework.

Hospitals also will want to ensure that the approach they adopt remains flexible and resilient to address threats that are sure to be multipronged and constantly evolving. Crucially, it takes vigilance from everyone with access to the network to ensure networked systems are not compromised.

To help, the American Hospital Association has a dedicated cybersecurity webpage that includes a multitude of resources to help hospital leaders and trustees understand various types of cybersecurity threats and incorporate cyber risk reduction and response into their strategic priorities. There, you will find guides containing important questions to ask as you assess your hospital’s cybersecurity plans, as well as podcasts and webinars explaining emerging threats, and alerts from the AHA and federal partners that are updated regularly as attacks and intrusions occur.

Protecting patients and critical health care and operational data is a 24/7, year-round responsibility. Hospitals must be working continuously to protect their networks through security measures, testing, maintaining backups and deploying the latest upgrades.

Members of a hospital’s board of trustees, although not involved in day-to-day management and operations, have the responsibility to understand, at a high level, the risks and vulnerabilities their hospital faces in the realm of cybersecurity, as well as the executive leadership’s security and response plans. I encourage you to visit www.aha.org/cybersecurity today to learn more.

Margaret Dahl (Margaret.Wagnerdahl@innovate.gatech.edu) is Committee on Governance chair and a trustee of WellStar Health Network ACO in Marietta, Ga.