
Managing Healthcare Risk in a Networked World

Independently conducted by Ponemon Institute LLC  |  Sponsored by Michigan Healthcare Cybersecurity Council

Calls to Action

Based on the outcomes of the research survey, MiHCC has developed priority “Calls to Action” that prioritize critical activities to reduce risk and cost while improving healthcare provider cyber resilience over time. MiHCC stands ready to assist Michigan healthcare providers, through discussion, education, information sharing and best practices, in addressing these critical priorities.

  • DEVELOP AND ADVOCATE A COLLECTIVE SECURITY CULTURE FROM THE TOP: Drive a “collective security” dialogue and mindset from the top to strengthen patient safety, privacy, and outcomes, while protecting business brands, market position and business opportunities. Work to drive a multidisciplinary approach to risk that defaults to collaboration and information sharing, to eliminate communication barriers between technical and non-technical leaders and functional divisions within your organization.
  • ALIGN CYBERSECURITY INVESTMENTS TO BUSINESS OBJECTIVES: Identify, prioritize, and better communicate cybersecurity gaps and vulnerabilities that impact key mission goals and objectives, so that the understanding of cyber risk versus cost is more transparent and actionable for leaders at all levels.
  • TRAIN, TRAIN, TRAIN: Ensure mandatory workforce cybersecurity training is completed, at a minimum annually, by everyone using technology in your organization. Encourage regular senior leader cybersecurity exercises. As soon as possible, mature beyond tabletop exercises to operational forms of training, to increase readiness and anticipate unforeseen second and third order effects.
  • ENGAGE THIRD-PARTY VENDORS: The biggest unseen risk may be the third-party vendors with whom your organization does work. Re-examine third-party vendor programs and ensure that there is active engagement with these vendors to hold them accountable for achieving and maintaining specified security standards.
  • PLAN: Develop and test a multidisciplinary plan for Cyber Incident Response before a breach occurs.