https://www.healthcarefinancenews.com/news/cant-afford-security-chief-here-are-alternatives
By Susan Morse
Senior Editor
Healthcare Finance
October 22, 2018
Particularly for smaller hospitals and medical groups, hiring a full-time
chief information security officer can be a stretch of the budget and
resources. But patient data must still be protected because smaller
organizations face many of the same risks larger systems do.
So cybersecurity responsibility often falls to the CIO, the IT director,
or, even to a certain extent, the hospital's EHR vendor, none of which are
traditionally aligned with a cyber role.
"All hospitals need to have an individual or entity that provides the
position," said Norma Krayem, senior policy advisor for Holland & Knight
and chair of the Global Cybersecurity and Privacy Policy and Regulation
Team. "The risk is so critical, that hospitals can't afford not to have
someone doing this job."
That reality is giving rise to two alternatives: tapping the expertise of
a virtual CISO or outsourcing cybersecurity to a managed provider.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
