This year I attended my third NextGen® User Group Meeting. These meetings are a great opportunity to interact with clients and have candid conversations on security and compliance. As in previous years, attendees expressed continued concern around the threat of ransomware. Conversations about the WannaCry and NotPetya variants were common. Many of our users discussed the need for a robust patching program in light of these threats. While ransomware should not be the main reason organizations apply patches on a regular basis, WannaCry was a great example of how some preventative maintenance could have saved countless hours on incident response.
What should your preventative maintenance measures include?
- A robust backup strategy, which includes regular testing of backup sets
- Regular patching of systems, which includes security-related items
- The physical and logical separation of backup sets from your production environment
- A dedicated incident response team to quickly respond to attacks
Are your IT partners HITRUST certified – or working towards it?
On the compliance side, HITRUST was a main topic as organizations are looking to standardize on an industry-recognized security framework. NextGen Healthcare is putting the finishing touches on its effort; the company expects to be certified by Q1 2018. Leveraging the HITRUST CSF (Common Security Framework) helps establish a single benchmark for organizations to facilitate internal and external measurement that incorporates the requirements of applicable standards and regulations, including ISO, PCI, COBIT, HIPAA, HITECH, and NIST. I see this continuing to gain traction within the healthcare community as more “Covered Entities” require their partners to be HITRUST certified.
Explore some of next year’s hot cyber security topics
Looking toward 2018, here are some of the items that I believe will spark debate and discussion:
- Automation – Given the number of cyber security events small security teams are asked to respond to, and will continue to face, organizations will continue to explore how automation can help reduce response times.
- Social engineering – Cyber criminals continue to use social engineering to gain unauthorized access to data. This type of crime shows no signs of slowing down in 2018 and will be an ongoing focus.
- Resource shortage – In 2017, there were approximately 350,000 open security roles in the U.S. alone. In 2018 this number will grow. With only 11% of the world’s information security workforce comprised of women, there is an opportunity for more women to enter the field to make up for this shortage next year.