FQHCs Prepare for National Cybersecurity Awareness Month
FQHCs face an ever-shifting cybersecurity landscape driven by emerging technologies and changing internal and cloud vulnerabilities. Adding to this are regulations designed to keep pace, as well as the health and personally identifiable data that lives in their systems. The U.S. federal government has designated October as National Cybersecurity Awareness Month (NCSAM). AAFCPAs advises that clients take this opportunity to reflect on potential risks and exposures while investigating ways to better secure business and critical infrastructure.
Where To Focus
Healthcare organizations are held to higher standards of accountability given their role in securing highly sensitive electronic medical records and clinical, claims, and administrative data. Beyond this, health centers depend on the same information systems to serve patients, deliver care, manage records and workflows, and coordinate referrals. With the rise in telemedicine, uptime has never been more critical in facilitating remote care.
NCSAM is a timely reminder to reassess privacy protections within legacy systems along with medical device security, email protocol, asset and network management including access, and cybersecurity policies. AAFCPAs also advises that healthcare clients refresh cybersecurity training and incident response plans to ensure alignment with the current threat landscape. Ask yourself: Are the latest software updates in place? How strong are system controls? Is system access limited to only those requiring it? How frequently do we conduct cybersecurity training and education with clinical staff? When did we last perform a routine risk assessment? When did we last review and test our Incident Response Plan (IRP) and Business Continuity Plan (BCP)?
Clients are encouraged to utilize this resource in discussions with their IT services group and as part of a more comprehensive Enterprise Risk Management Program.
How We Help
AAFCPAs works with clients to identify cybersecurity risks before they affect patient care. We conduct comprehensive IT/cybersecurity assessments and provide recommendations to seal exposures. Routine assessments can help organizations remain in full compliance with changing regulations, avert costly litigation, and maintain their trusted reputation.
If you have questions, please contact James Jumes, MBA, M.Ed., Partner, Business Process & IT Consulting, at 774.512.4062 or firstname.lastname@example.org; Vassilis Kontoglis, Partner, Analytics, Automation & IT Security, at 774.512.4069 or email@example.com; or your AAFCPAs Partner.