Budgetary constraints often make it difficult for some hospitals to protect highly sensitive health information. But infosec experts say organisations just have to be creative to find the best approach to meeting security needs in the absence of a bigger budget. One option is to get a vendor who is able to recommend the needed technology and other security needs. It’s important to look towards vendors with a healthcare-focus that are able to provide the necessary security evaluations. The vendor’s job is to figure out what the hospital needs that can both save time and effort.The outsourced vendor will assess the hospital’s EHR and other systems to see how things are connected and protected, and then determine what needs to be done to increase security, i.e., access control settings and backups, according to Diana Kelley, global executive security advisor for IBM Security.Theyll also determine resources and how the organisation will work through those needs, either through a virtual CISO, part-time security employee or a local organisation that does outsourcing once a week or month. Kelley explained those needs are determined by the size of an organisation.

Source: Click here