The following is a guest article by Martha George, Compliance Leader at Vimly Benefit Solutions
American businesses are no stranger to cyberattacks, with notable breaches causing significant disruptions across various industries, including healthcare conglomerates like Change Healthcare and the ransomware attack on Mr. Cooper, a major mortgage loan company, that risked data on more than 14 million current and former clients.
Organizations of all sizes strive to stay ahead of threat actors to prevent future attacks. This challenge is incredibly daunting for small businesses in the healthcare sector, which are more vulnerable to the severe impacts of data breaches.
A 2023 Cyber Readiness Report from Hiscox found that 41% of SMBs were victims of at least one successful cyberattack in the past year. The situation is further complicated because HR departments within these SMBs handle a significant amount of sensitive employee information. The challenges can be particularly daunting for small offices with limited resources, where one person might juggle HIPAA compliance, security, and HR responsibilities.
According to IBM’s 2024 Cost of a Data Breach report, when organizations suffered from a high-level shortage of security skills, the average breach costs were USD 5.74 million. This highlights a critical issue for SMBs, which often lack dedicated security and IT departments, making them susceptible to high costs.
Such a financial burden would undoubtedly threaten their stability. Unfortunately, the damage extends beyond revenue loss; businesses face long-term repercussions from legal ramifications, insurability issues, reputational damage, and regulatory investigations. Staff morale can also suffer, potentially leading to expensive turnover.
This clearly shows that stringent controls and protocols are essential to safeguard against cybercrime.
How can healthcare organizations navigate the complexities of benefits administration while maintaining robust data security and privacy measures? Many are turning to the HITRUST Common Security Framework (HITRUST CSF).
HITRUST Certification: Increased Security and Streamlined Compliance
Initially designed for healthcare organizations, HITRUST certification now applies across industries, enabling companies to demonstrate their adherence to strict standards for protecting sensitive information, especially health-related data. The HITRUST CSF incorporates and leverages various leading security and privacy standards and frameworks, including NIST, FTC, CMS, state legislation, and industry standards.
This comprehensive framework offers a solid layer of oversight and helps prevent significant losses from security breaches due to noncompliance and inadequate safeguards.
Here’s how HITRUST certification benefits SMBs, associations, and multiple employer groups:
Comprehensive Compliance: HITRUST certification ensures adherence to various regulatory requirements, including HIPAA and GDPR, simplifying business compliance efforts and saving time and resources.
Targeted Controls: HITRUST certification helps organizations identify the most relevant controls from thousands of existing requirements and frameworks, such as those from the National Institute of Standards and Technology (NIST); this simplifies the implementation process, allowing businesses to focus on the controls that matter most to their needs.
Partnership with Experts: For businesses with limited support staff, partnering with a HITRUST-certified vendor provides access to a team of experts equipped to implement and maintain stringent security protocols – this partnership frees internal resources to focus on core business functions that keep offices running and providing services; collaborating with HITRUST-certified experts also offers the guidance necessary to mitigate benefits administration challenges, prove compliance with regulations and standards, and protect against cybercriminals.
Continuous Improvement: Cybercriminals are constantly evolving their methods to increase their chances of success – to stay ahead of this threat, organizations also need a system that evolves. HITRUST certification requires rigorous validation of existing controls every other year and an interim assessment testing a sample of critical controls within one year of certification; the HITRUST CSF framework is regularly updated to ensure your security environment, partner systems, and processes align with the latest security standards and emerging threats.
Taking the Next Step
Establishing a partnership with a HITRUST-certified vendor or utilizing HITRUST-certified systems offers small businesses a solution that goes beyond mere regulatory compliance. It provides a level of assurance that stringent controls are in place to protect their most vulnerable data from cybercriminals.
While SMBs may struggle to implement these resources independently, many can partner with Association Health Plans, Trusts, and other multiple employer groups that often have access to HITRUST-certified systems and processes. This collaboration provides increased peace of mind and significantly reduces the risk of data breaches, ensuring a more secure environment for employee data.
About Martha George
With over three decades of experience in healthcare regulatory compliance, privacy, and security, Ms. George has established herself as a leader in the field, achieving accreditation and certification such as HITRUST, SOC 1 and SOC 2, and TJC for organizations. Her career spans managing programs for Fortune 50 companies and advising SMBs and startups, always focusing on data integrity and security.
Ms. George is recognized for developing and implementing robust operational controls, managing risk, and ensuring governance in complex regulatory landscapes. Her deep expertise makes her a trusted authority, consistently driving excellence in compliance across various sectors.