Beyond passwords: How NIST cybersecurity framework gives risk management a boost

Enterprise risk management is a tall order, as healthcare organizations strive in earnest to mitigate their exposure to a wide array of threats and uncertainties. But what if there was a roadmap already written that could help guide the way?

There is, says healthcare attorney Barry Herrin, founder of Herrin Health Law. It’s just too often seen as something to be filed away with health systems’ cybersecurity plans. 

The NIST Cybersecurity Framework will, of course, be familiar to many hospital IT and security personnel as they grapple with this frightening new era of weaponized malware, insider threats and nation-state hacking.

But it also contains some key provisions that could be very useful to healthcare organizations as they try to get their arms around myriad other risks and vulnerabilities, said Herrin – particularly with regard to access control.

It can help inform approaches to people, process and technology (in that order) for mitigation of risks across the healthcare enterprise, he said.

“I’ve been trying to evangelize it,” said Herrin of the idea that the cyber risk management framework can be expanded “to…
