Like other data-driven organizations, healthcare networks are vulnerable to potentially crippling cyberattacks but may lag behind other sectors in preparing for and avoiding data breaches, according to a series of articles and commentaries in the Fall issue of Frontiers of Health Services Management, an official publication of the American College of Healthcare Executives (ACHE). This journal is published in the Lippincott portfolio by Wolters Kluwer.
Cyberattacks pose a real threat that all healthcare leaders and boards can and must address with strategic plans of action to prevent vulnerabilities, minimize risk, and respond to incidents when they do occur, writes Frontiers Editor Trudy Land, FACHE, in an introductory editorial.
Preventing Cyberattacks: 'In Cybersecurity, Everyone Is a Stakeholder'
The new issue highlights two feature articles in which healthcare executives share their insights and experiences with building an effective cybersecurity strategy to protect valuable but vulnerable healthcare data. Dennis W. Pullin, FACHE, of Virtua health system in Marlton, N.J., emphasizes the importance of process improvements and team culture. At Virtua, "Cybersecurity is a team effort," Mr. Pullin writes. "From board trustees to frontline employees, everyone is held accountable for protecting the organization against cyberattacks."
Michael J. Reagin and Michael V. Gentry, FACHE, of Sentara Healthcare in Norfolk, Va., discuss the role of enterprise cybersecurity walking readers through the essential integration of people, process, and technology involved in building a world-class cyber defense program. The authors write, "Partnering with a managed security services provider to build the key components of a program, rather than developing them completely in-house, can reduce costs and provide a higher level of expertise."
In a commentary, Dane C. Peterson and colleagues of Emory Healthcare in Atlanta point out that the costs of cyberattacks include real risks to patient safety and quality of care. One study reported a significant increase in a hospital's 30-day mortality rate for acute myocardial infarction, lasting for years after a cyberattack. The authors highlight key components of the cybersecurity strategies outlined by the feature articles:
- Third-party risks ensuring that vendors are also taking cybersecurity seriously
- Value of multifactor identification in limiting "both the likelihood and impact of data breaches
- Staff training (and follow-up) in recognizing phishing scans and protecting passwords
- Effective security staffing models, including the importance of internal and external collaboration
- "Cyberleadership" and culture, including engagement of senior leaders in a cybersecurity oversight committee
- Governance and financing challenges, including the role of a Board-level IT committee
Additional commentaries share perspectives from an insurer (Sean P. Murphy, FACHE, of Premera Blue Cross in Washington and Alaska) and a healthcare IT expert (Carla Smith of the Healthcare Information and Management Systems Society, Chicago).
The editors and contributors hope that the cybersecurity-focused issue of Frontiers will increase awareness of the vulnerability to cyberattacks at every level of the healthcare system. Through organization-wide training, leaders can raise critical security consciousness, explain the various threats, develop and disseminate policies and procedures, emphasize the severe consequences of an attack, and convey shared responsibility," Trudy Land writes. "In cybersecurity, everyone is a stakeholder.
About Frontiers of Health Services Management
Frontiers of Health Services Management, the quarterly journal of the American College of Healthcare Executives, can bring you up to speed on the latest trends quickly. Each issue focuses on one healthcare management topic, providing you with the knowledge you need to understand and react to evolving trends. Frontiers is written by experts on the topic and includes commentary from the field.
About the American College of Healthcare Executives
The American College of Healthcare Executives is an international professional society of 40,000 healthcare executives who lead hospitals, healthcare systems and other healthcare organizations. ACHE's mission is to advance its members and healthcare management excellence. ACHE offers its prestigious FACHE credential, signifying board certification in healthcare management. ACHE's established network of 78 chapters provides access to networking, education and career development at the local level. In addition, ACHE is known for its magazine, Healthcare Executive, and its career development and public policy programs. Through such efforts, ACHE works toward its vision of being the preeminent professional society for leaders dedicated to improving health.
The Foundation of the American College of Healthcare Executives was established to further advance healthcare management excellence through education and research. The Foundation of ACHE is known for its educational programs including the annual Congress on Healthcare Leadership, which draws more than 4,000 participants and groundbreaking research. Its publishing division, Health Administration Press, is one of the largest publishers of books and journals on health services management, including textbooks for college and university courses. For more information, visit www.ache.org.