CAST has released a Cybersecurity White Paper and a Benchmarking Questionnaire to help LeadingAge members and other aging services organizations understand what cybersecurity threats are, how to mitigate risks, and how to respond if attacked. The Benchmarking Questionnaire will help providers identify best practices, and where providers may be at risk, so that they can work to plug those vulnerabilities.
 
This topic is especially pertinent to the industry, as health care providers are prime targets for cyberattacks. The reason is that health care data is lucrative, and the industry's security is often weak compared to that of other industries. In 2014, the Federal Bureau of Investigation formally warned health care that the industry is under attack, and the situation is ongoing.
 
Another reason to take note: Cyberattacks are very expensive, with the average cost of a breach reaching over $2.4 million in notification, forensics, legal fees, and fines.

In the Cybersecurity White Paper 

The new CAST white paper helps organizations think through these concerns:
 
HIPAA: Many LeadingAge organizations are subject to Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules. Even organizations that HIPAA does not cover have a responsibility to protect sensitive information and are subject to state regulations. Be aware that breaches and other incidents may lead to an investigation by the Office for Civil Rights (OCR), the division of the United States Department of Health and Human Services that enforces HIPAA.
 
Threats, Vulnerabilities, and Risks: Knowing what to look for is key in preventing cyberattacks. The white paper outlines the top 10 most common threats for organizations—and the actions and technologies you can employ to reduce your risk. It also outlines the impact of various threats to help you prioritize your organization’s action plan.
 
Management Techniques: Solid management techniques can mitigate your organization’s risk. Techniques include training that raises your employees’ awareness of threats, a defense in depth strategy, and careful vendor vetting and management. An adequate budget and investment in cybersecurity, including funds for staffing and tools, are also critical to success.
 
Assessment, Planning, Prevention, and Response: An honest assessment of your information security program can help you to better manage threats, as can involving your organization’s senior leadership in the process. Developing strong reference architectures, reviewing your infrastructure architecture, and training employees to spot and avoid threats are important pieces of the puzzle.
 
The white paper also includes a checklist from the Office of Civil Rights, part of the United States Department of Health & Human Services, which tells you how to respond if your organization is attacked.
 
Technology Infrastructure: The white paper gives an overview of hardware devices, software applications, security appliances, strategies, and techniques that can help your organization combat modern cyberthreats. Valuable infrastructure includes next-generation firewalls, network access control, state-of-the-art e-mail filtering systems, cloud anti-virus software applications, updated endpoint management systems, and a sound backup and disaster recovery (BDR) solution.
 
Download the Cybersecurity White Paper and then check your organization against our Benchmarking Questionnaire.