It could happen to you — how to prepare for and mitigate the fallout from a cyberattack

It could happen to you — how to prepare for and mitigate the fallout from a cyberattack
McKnight's Senior Living; by Kimberly Bonvissuto;8/28/24
Everyone thinks they know about cybersecurity, but thinking about the effects a cyberattack could have on an organization should be enough to lose sleep over, according to risk management experts. ... Cybersecurity, at its core, is about confidentiality, integrity and availability, according to John P. DiMaggio, co-founder and CEO of Blue Orange Compliance, a risk assessment company. Including senior living in the definition of healthcare, he said that healthcare organizations are targets of cyber criminals because of their relatively weak defenses, the value of the data necessary for operations, and the numerous interfaces and sharing of information that occurs among providers. ... Reasonable security practices — considered the minimum — include risk analysis and management, access control measures, training, incident response planning, physical controls, technical safeguards, third party/vendor management, backup and disaster recovery and patch management. But DiMaggio recommended going above that minimum threshold by using recognized security practices to mitigate penalties and ensure regulatory compliance. Those practices, he said, include email and endpoint protection, access management, data loss prevention, asset and network management, vulnerability management, incident response, medical device security and cybersecurity policies.