Make Accreditation Part of Your IT Risk Management Strategy

As healthcare continues to see high-profile data breaches, underwriters are looking for third-party accreditation before issuing cyber-security policies.

You never know when an accidental loss of a device, a phishing attack, a data breach or a cyber or ransomware attack will impact your operations.

There have been several large-scale healthcare data breaches so far in 2016; approximately 250 reported cases affected more than 500 individuals this year. Are you prepared to prevent one at your organization? Admittedly, 2016 has been a moderate year for healthcare data breaches and ransomware attacks—unless your company has been hit. The comprehensive total cost of a data breach averages $3.8 million, a 23% increase between 2013 and 2015, so the potential cost of a breach is quite high.

Breaches rose sharply in the third quarter of 2016, increasing by 55% over the half-year average, so even if you think you’re protected, the cyber attackers aren’t going anywhere anytime soon.

Developing an IT risk management strategy as part of a business continuity plan is the bare minimum that health plans can undertake to protect themselves. To increase protection, a company’s risk management plan should be comprehensive, dynamic enough to adapt to changing regulations and conditions, and readily embraced and supported across the organization.

Increasingly, however, underwriters are looking to independent, third-party accreditation as a prerequisite for issuing cyber-security policies. Third-party audits are also a common way that breaches are discovered, allowing fixes to be deployed more quickly.

To read the full article, visit the American Journal of Managed Care.