Getty Images/iStockphoto
Is the Proliferation of Cybersecurity Vendors Helping or Hurting Healthcare?
The proliferation of cybersecurity vendors calls for wiser investment decisions rather than inflated budgets, Michael Carr explained at the HealthITSecurity Virtual Summit.
A proliferation of cybersecurity vendors have entered the market in recent years hoping to alleviate security and privacy concerns across the healthcare sector.
At the 2nd Annual HealthITSecurity Virtual Summit, Michael Carr, system vice president and chief technology and information security officer at Health First, suggested that healthcare organizations re-envision how they evaluate cybersecurity investments. Rather than spending more, Carr explained, organizations should spend more wisely.
In the US alone, there are over 3,500 cybersecurity vendors in the market, CyberDB found. Healthcare organizations are tasked with the challenge of quantifying risk, choosing the right vendors to solve the right problems, drafting contracts, and then actually implementing the solution. Ideally, those vendor decisions would lead to a significant return on investment.
“We are being bombarded by the news in terms of cyber threats. We are being bombarded by new capabilities, new products, and new platforms,” Carr noted.
“But just because we spend more, doesn’t mean we are more safe or secure or that we are providing better services.”
Navigating the Highly Saturated Healthcare Cybersecurity Market from Xtelligent Healthcare Media on Vimeo.
Navigating the vendor market can be daunting, but re-envisioning how organizations go about the process of choosing, assessing, and implementing vendor solutions may offer some clarity.
First, Carr suggested that organizations keep administrative burdens in mind when assessing a new vendor. Every vendor requires a new set of contracts, invoicing, and a staff learning curve. With that in mind, procurement decision-makers should consider whether a solution is worth the administrative burden and whether it solves more than one problem.
In addition, organizations should consider how long it may take to get a return on investment, and how scalable the solution is.
Amid the ongoing cybersecurity workforce shortage, Carr also stressed the importance of making sure that the team is adequately staffed to take on implementation.
“If I bring in a new solution and I have to take 20 percent more of my staff to manage that platform, I'm wasting talent,” Carr maintained.
When assessing vendors, Carr also recommended holding vendors to a higher standard and ensuring that their internal security practices match those of the healthcare organization, even if that vendor will not have access to protected health information (PHI).
Before signing a contract, healthcare organizations should first consider whether technology will solve the problem. Sometimes, people and processes can provide the solution more efficiently and effectively than technology.
Lastly, Carr advised the audience to “know when good enough is good enough.” Healthcare organizations should invest in the solutions that will best serve their businesses and keep data highly secure. Anything more than that may just divert resources away from the organization’s primary goals.
“We want to be best in class at enabling wellness, at caring for our community,” Carr said.
“Our goal isn't to be best in class in terms of cybersecurity, our goal is to be best in class in how we enable our community to live in wellness and to lead good lives.”
To learn more about Xtelligent Healthcare Media virtual summits, visit our event page.