Locations:
Search IconSearch

New Cyber Health Strategy Protects Privacy, Mitigates Risks and Fosters Patient Confidence

Cleveland Clinic launches a three-year cybersecurity plan

22-CGO-2974433-3Year-Cybersecurity-Strategy-Tips-Developing-Cybersecurity-Bus-Plans-CQD-1_650x450

The healthcare industry has become an increasingly popular target of cybercriminals. In 2021, medical organizations were the most common victims of third-party attacks, accounting for 33% of all such incidents, according to an article in Security magazine.

Advertisement

Cleveland Clinic is a non-profit academic medical center. Advertising on our site helps support our mission. We do not endorse non-Cleveland Clinic products or services. Policy

“Patients trust us with what’s most precious to them – their lives, their privacy and their future. Cybercrime undermines that trust,” says Vugar Zeynalov, Chief Information Security Officer at Cleveland Clinic. “Cyber incidents are not just about losing data. They are about losing patients’ confidence, undermining safety and impacting care availability.”

Crafting strategy around care priorities

In 2021, Cleveland Clinic launched a new three-year cybersecurity strategy that encompasses four principal goals:

  • Reduce cyber risk – Empower care and innovation by managing the organization’s top cyber risks.
  • Enable seamless experiences – Enrich the caregiver experience and reduce security fatigue.
  • Demonstrate operational excellence – Invest in caregivers, technologies and processes to grow and run at optimal velocity.
  • Advance cyber health – Secure the future of digital care and prepare tomorrow’s caregivers.

“Cleveland Clinic has a deep sense of purpose, pride and excellence that proliferates across the entire culture,” says Zeynalov. “It’s important to us to instill those values into the cybersecurity team as well.”

As part of the strategy, the cybersecurity team developed a set of objectives and key results that align with Cleveland Clinic’s four care priorities:

Care for Patients – Patients expect reliable care technologies, safe medical devices and privacy related to their sensitive information.

“Cyber is like healthcare in many ways,” explains Zeynalov. “We prevent every threat we can; and whatever we can’t prevent, we hope to detect early so we can respond quickly and recover with minimum impact to the organization.”

Advertisement

Care for Caregivers – Objectives include continuing operations during disruptions, educating caregivers on cybersecurity without overwhelming them and providing easy access to digital platforms.

To meet these objectives, Cleveland Clinic is focused on developing and testing business resiliency plans for all its institutes, hospitals and divisions to ensure that no critical system outage lasts more than eight hours. In addition, it will expand targeted, role-based cyber training to all caregivers.

Care for Organization – “We want to make sure digital relationships are protected and trusted, and we remain compliant with government and industry regulations,” says Zeynalov.

Cleveland Clinic will complete an evaluation and protection process for all high-risk third parties, roll out standard protections to newly acquired entities and expand compliance with healthcare and credit card regulations to new sites.

Care for Community – “We have an opportunity to educate the community at large, as well as recruit and retain world-class cybersecurity talent,” explains Zeynalov.

By 2023, Cleveland Clinic will launch a cybersecurity curriculum for caregivers establish a cyber health research laboratory and work with corporate partners in the information technology industry to advance healthcare and research data protections.

Six tips for building a cybersecurity strategy

Zeynalov offers advice to other healthcare organizations on developing a cybersecurity strategy:

  • Understand the patient journey within your organization. “When we created our cybersecurity strategy, we started with the journey of the patient – from admission to discharge – to understand any friction cybersecurity creates by doing or not doing something,” he says. Zeynalov and his team visited nearly all of Cleveland Clinic’s locations.
  • Meet with key leaders to learn what’s important to them. Understanding leaders’ expectations and aspirations will help guide sound decisions, says Zeynalov. In addition, he emphasizes the importance of maintaining solid relationships with leaders so that when a cyber breach occurs, the organization can communicate effectively and recover more quickly.
  • Build the strategy with clinicians. “Cybersecurity as an industry is notorious for making things harder for people,” says Zeynalov. “Creating a task force that includes clinicians allows them to shape cybersecurity strategy from their vantage point and fosters a sense of shared responsibility.”
  • Use simple language. “Avoid technical language whenever possible,” he says. “Your cybersecurity professionals should speak the language of the organization and understand how the work they do aligns with the enterprise as a whole.”
  • Adhere to the health system’s vision and mission. “Instill the culture of care, purpose and excellence into the cybersecurity team. We’re here to care for people, not just computers,” says Zeynalov.
  • Share cyber best practices with other healthcare organizations. “Cybersecurity is one area in which providers can’t afford to compete,” he says. “Criminals are sharing their exploit techniques; healthcare providers should share defense strategies.”

Advertisement

Fighting cybercrime in healthcare is a collective effort, concludes Zeynalov.

“Preparation begins internally with the cybersecurity team and must expand outward to include other departments within each organization, ultimately extending to other partners that provide direct aid, such as law enforcement,” he says. “We must all, as an industry, collaborate to ensure patients have access to the best care when they need it.”

Advertisement

Related Articles

Remote work strategies
Implementing a Long-Term Remote Work Strategy

Identify criteria, consider multiple models and encourage flexibility

Alumni Association event
The Value of Healthcare Organization Alumni Associations

Maintaining connections leads to referrals, recruitment and more

Volunteer cleanup at lake
Empowering Program Encourages Caregivers to Donate Time to Worthwhile Causes

Paid volunteer hours reward staff for engaging with community partners

Job candidates waiting for interview
Moving Beyond the Resume to Find the Candidate’s ‘Why’

Recruiters emphasize empathy and personal connections when building healthcare talent pool

Employee interview
Empowering Candidates to Expect Career-Affirming Qualities in Potential Employers

Hiring experts encourage job seekers to ask probing questions during the interview process

Ad