To keep up with security issues raised by the transition to a much larger remote workforce and expanded telehealth services during the COVID-19 crisis, healthcare entities should modify their approach to risk management, says Dustin Hutchison of the security consultancy Pondurance.
“Focusing on streamlining the risk management process is really going to be key,” he says in an interview with Information Security Media Group.
“Think about the timelines related to implementing new technology – or even allowing this new remote access. Maybe it’s not about adopting the 100-plus controls in the National Institute of Standards and Technology framework, but rather understanding multifactor authentication, encryption of data at rest and in transit, how user accounts are managed, and also the cybersecurity practices of a vendor and whether they have remote access or not.”
He says organizations should determine the most critical controls that are needed “and fast-track them as much as possible. … It’s about saying: ‘We have this pandemic to deal with, but we still care about cybersecurity – so what can we do to fast-track that?’”
In the interview, Hutchison also discusses:
- Evolving ransomware attack tactics and trends;
- The importance of network monitoring during the COVID-19 crisis;
- Advice for addressing medical device cybersecurity challenges.
Hutchison is a partner and COO at Pondurance, an Indianapolis-based security consulting and services firm. He has nearly 20 years of experience in information security, risk management and regulatory compliance. Previously, he was a risk and compliance professional focusing on HIPAA, PCI and risk assessments for new technology acquisitions ranging from infrastructure solutions to patient care devices.