New Cyber Health Strategy Protects Privacy, Mitigates Risks and Fosters Patient Confidence
Cutting-edge cybersecurity strategy aims to thwart cybercrime, improve patient confidence and advance healthcare and research data protections.
The healthcare industry has become an increasingly popular target of cybercriminals. In 2021, medical organizations were the most common victims of third-party attacks, accounting for 33% of all such incidents, according to an article in Security magazine.
“Patients trust us with what’s most precious to them – their lives, their privacy and their future. Cybercrime undermines that trust,” says Vugar Zeynalov, Chief Information Security Officer at Cleveland Clinic. “Cyber incidents are not just about losing data. They are about losing patients’ confidence, undermining safety and impacting care availability.”
In 2021, Cleveland Clinic launched a new three-year cybersecurity strategy that encompasses four principal goals:
“Cleveland Clinic has a deep sense of purpose, pride and excellence that proliferates across the entire culture,” says Zeynalov. “It’s important to us to instill those values into the cybersecurity team as well.”
As part of the strategy, the cybersecurity team developed a set of objectives and key results that align with Cleveland Clinic’s four care priorities:
Care for Patients – Patients expect reliable care technologies, safe medical devices and privacy related to their sensitive information.
“Cyber is like healthcare in many ways,” explains Zeynalov. “We prevent every threat we can; and whatever we can’t prevent, we hope to detect early so we can respond quickly and recover with minimum impact to the organization.”
Care for Caregivers – Objectives include continuing operations during disruptions, educating caregivers on cybersecurity without overwhelming them and providing easy access to digital platforms.
To meet these objectives, Cleveland Clinic is focused on developing and testing business resiliency plans for all its institutes, hospitals and divisions to ensure that no critical system outage lasts more than eight hours. In addition, it will expand targeted, role-based cyber training to all caregivers.
Care for Organization – “We want to make sure digital relationships are protected and trusted, and we remain compliant with government and industry regulations,” says Zeynalov.
Cleveland Clinic will complete an evaluation and protection process for all high-risk third parties, roll out standard protections to newly acquired entities and expand compliance with healthcare and credit card regulations to new sites.
Care for Community – “We have an opportunity to educate the community at large, as well as recruit and retain world-class cybersecurity talent,” explains Zeynalov.
By 2023, Cleveland Clinic will launch a cybersecurity curriculum for caregivers, establish a cyber health research laboratory and work with corporate partners in the information technology industry to advance healthcare and research data protections.
Zeynalov offers advice to other healthcare organizations on developing a cybersecurity strategy:
Fighting cybercrime in healthcare is a collective effort, concludes Zeynalov.
“Preparation begins internally with the cybersecurity team and must expand outward to include other departments within each organization, ultimately extending to other partners that provide direct aid, such as law enforcement,” he says. “We must all, as an industry, collaborate to ensure patients have access to the best care when they need it.”