5 tips to reduce end-point complexity, improve strategic alignment

Reducing end-point complexity and improving internal stakeholder alignment should be the focus of hospitals hoping to prevent cyberattacks, according to a study published May 28 in the Journal of Medical Internet Research.

Cybersecurity incidents have become an increasingly persistent threat to hospitals. Healthcare organizations have failed to prevent some of these incidents due to internal politics and regulations. In this study, researchers from the Massachusetts Institute of Technology, in Cambridge, Massachusetts, outlined a systematic and organizational perspective on evaluating the cybersecurity capabilities of hospitals. 

“This study helps healthcare leaders reduce hospital vulnerabilities by detailing the outcomes resulting from strategic decisions of cybersecurity development,” wrote first author Mohammad Jalali, MSc, PhD, and colleagues. “It also aids cybersecurity professionals in understanding the complexities of cybersecurity capability development in hospitals.”

Researchers conducted 19 interviews with chief information officers, chief information security officers and healthcare cybersecurity experts to develop a model to identify how hospitals could use improve their cybersecurity capabilities. A simulation analysis was then done to identify variables that affected the likelihood of cyberattacks.

Results showed variables such as end-point complexity and internal stakeholder alignment were significant risks. Additionally, researchers noted that low resource availability could be compensated by setting a high target level of cybersecurity when hospitals are attempting to close cybersecurity capability gaps.

To reduce end-point complexity, researchers suggested:

  • Moving to cloud-hosted services when resource availability was a constraint
  • Using technology to detect unauthorized devices on networks
  • Maintaining firewalled networks for patients, staff, and medical devices
  • Stricter policies on technology procurement

To improve internal stakeholder alignment, researchers suggested:

  • Low internal stakeholder alignment decreases the effectiveness of capability development and increases the erosion of capabilities.
  • Soft variables such as stakeholder alignments are often forgotten in cybersecurity management.

“To enhance cybersecurity capabilities at hospitals, the main focus of chief information officers and chief information security officers should be on reducing end point complexity and improving internal stakeholder alignment,” concluded Jalali and colleagues. “These strategies can solve cybersecurity problems more effectively than blindly pursuing more resources. Moreover, although compliance is essential, it does not equal security. Hospitals should set their target level of cybersecurity beyond the requirements of current regulations and policies.

“As of today, policies mostly address data privacy, not data security. Thus, policy makers need to introduce policies that not only raise the target level of cybersecurity capabilities but also reduce the variability in resource availability across the entire healthcare system.”

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.