Health Law Highlights

Understanding Barriers to Cyber Resilience in Healthcare

Summary of article from HealthIT Security, by Jill McKeon:

Cyber resilience in healthcare, which enables swift response to and recovery from cybersecurity incidents, faces several barriers, including a lack of understanding of the concept, misalignment between cybersecurity and business, and the complexity of IT systems. Research by LevelBlue reveals that 76% of healthcare organizations view cyber resilience as primarily the responsibility of cybersecurity teams, rather than an enterprise-wide priority. Budgets are often reactive, as 77% of respondents described theirs, and there is a notable lack of understanding about cybersecurity at the board level. The rapid innovation in healthcare technology, while beneficial, adds to cyber risk and makes resilience more complex. To improve cyber resilience, healthcare organizations should use reporting metrics and analysis, increase communication at the C-suite level, improve employee training, and adopt resources like the Health Industry Cybersecurity Practices (HICP) for better alignment with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).