Don’t think of the Health Industry Cybersecurity Practices as a set of requirements. The document, which was created by 150 experts, is meant to be viewed as “collection of recipes” for keeping data secure, says Erik Decker.
Although there was much to consider in creating a set of cybersecurity guidelines, the important feedback the industry-led group received, according to Erik Decker, was to make sure it was “concise.”
Let’s face it – small organizations can’t invest as much in cybersecurity as large IDNs. But there are steps they can take, says Erik Decker, who leads the workgroup that’s tasked with getting them on the right path.
One of the biggest gaps when it comes to cybersecurity strategies? Incident response, says Erik Decker, who believes most plans are focused too much on reaction, and not enough on proactive measures.