Three Key Challenges for Healthcare CISOs

MedCity News | 2024-04-10

Cybersecurity is continuously evolving and adapting, which can be onerous in health care environments, especially as the number of cyberattacks against hospitals — often in pursuit of sensitive patient and financial data — skyrockets.

Hospitals are in an increasingly vulnerable position today due to the growth of connected devices employed in health care facilities worldwide. The recent ransomware attack on Change Healthcare highlighted vulnerabilities that exist within the industry (and its supply chain) and the wide-ranging impacts that inadequate security can have on hospital operations.

This makes the already critical position of Chief Information Security Officers (CISOs) more difficult in the healthcare space. Today, there are three key challenges for healthcare CISOs to contend with.

1. Keeping up with the latest healthcare technology

By nature, health care organizations must balance innovation and progress with the priority of protecting patient safety. Innovation is requisite for reducing burdens on nurses and physicians and offering the highest quality of care in an increasingly complicated economic climate. The speed of this change has been amplified as the new, tech-native generation of physicians calls for wearables, Internet-of-Things (IoT) devices, the latest imaging machines, and more.

However, adopting new technology requires architectural vetting, contract reviews, and significant time and resources. The process of managing technology lifecycles is an uphill battle for CISOs in any organization, especially as complex new technologies emerge. Incorporating innovative technologies must also be done in tandem with “keep the lights on” systems like maintenance, upgrades, and patching, and CISO workloads are at an all-time high.

Fortunately, there are ways for CISOs to streamline existing processes without curbing the flow of technological upgrades, such as preparing contract templates, setting clear expectations, and improving project resourcing and portfolio management. Information technology (IT) and information security teams should also be incorporated into the technology planning processes.

These teams can provide invaluable counsel to hospital leadership — input that could make or break the successful implementation of novel technologies.

2. Making impactful IT investments that demonstrate value

CISOs and senior leadership should consider IT investments as strategic business assets that generate innovation, promote collaboration, and introduce scalability. At a time when hospital staff experience record levels of burnout across the industry, introducing modern technology can lighten workloads for care providers while lowering costs.

Investments that eliminate tedious manual processes, reduce safety risks, cut down diagnostic times, and streamline the revenue cycle provide the most obvious value to the organization. Health care facilities should also seek ways to minimize clinician “pajama time,” or after-hour administration work, to help alleviate burnout and lessen the burden of the ongoing physician shortage.

While some technology is universally welcomed, not all IT investments provide equal advantages to the organization. Health care organizations run on tight margins, and despite the obvious value of cybersecurity investments, CISOs often face an uphill battle when communicating the return on investment of risk reduction strategies.

CISOs can address hesitation by quantifying the potential impacts of cyber risk reduction efforts. For example, when communicating the value of a proposed new IT investment, CISOs can use the Factor Analysis of Information Risk (FAIR) model, or estimate the value of hourly downtime avoided relative to average daily revenue.

Anticipating workforce needs, constant communication with other stakeholders, and linking technical risks to business outcomes are key to ensuring that security practices and IT investments are in alignment with the facility’s needs and expectations.

3. Championing cybersecurity practices hospital-wide

Some of the most cumbersome elements of an information security role involve communicating the importance of security protocols to staff and linking technical risk to real-world outcomes. Clinical staff handle a daily influx of complex patient requests and tasks, and CISOs must provide enough security information to be effective without adding extra burden, continuing to reinforce best practices over time.

CISOs can effectively share cybersecurity information through organization-wide forums such as leadership meetings, town halls, and committees. The information security team can provide updates through these forums and develop outreach programs to educate the workforce on the latest security enhancements and requirements.

Having hospital leadership share cybersecurity information also helps underscore the importance of these practices.

Health care CISOs should take on the role of an advocate when educating IT teams and broader hospital staff about the importance of existing and new security measures. Making the information security and IT teams accessible to staff who have questions will help maintain or ramp up hospital-wide security processes.

It is also important for these teams to be able to provide clinical staff with reasoning for administrative and technical controls that may seem tedious, to avoid any internal resistance and ensure smooth adoption.

The changing role of security

Health care organizations face numerous cybersecurity challenges as security and IT teams continuously work to maintain data and systems security against evolving cyber threats. The need to address these challenges is critical as cyberattacks on hospitals grow and complexify. Fortunately, there are several steps that CISOs and cybersecurity professionals can take to get ahead of looming digital threats in the healthcare space.

Streamlining technology adoption, integrating teams and hospital leadership when making purchasing decisions, and finding new avenues to share cybersecurity information will help CISOs bring their organization and the broader health care industry to a safer, more secure place.

Photo: anyaberkut, Getty Images
