Most of you are already inundated with information about this newest form of ransomware that has caused massive impact in healthcare and other operations in 150+ countries. But the purpose of this article is to highlight the importance of setting up a cybersecurity program and a plan to protect your organization and data so you are much better prepared for sophisticated attacks in the future.
I understand a cybersecurity program seems like a complex and financially demanding resource, but it is critical to any business’s operations today, including blood centers. Because blood centers are operating with a number of financial constraints, it is even more critical to ensure continuity of blood operations in the face of cyberattacks and threats. Just imagine the financial impact to the organization if operations were suspended due to a loss of critical information systems. That doesn’t include any after-effects either, including loss of reputation, clients, and compliance with additional guidance from regulatory agencies. This will also have a more fundamental impact on the mission of the organization of serving the local community and ultimately saving patients’ lives.
Our association consists of a diverse set of organizations that vary in size and in resources, both financial and human, but implementing a solid cybersecurity program is still possible no matter what your size or finances. From a technology perspective, there are numerous tools and options available for free or even at very low costs, and naturally very expensive products as well. When reviewing processes, some modifications or changes might be needed, but even those should not be labor-intensive. When reviewing resources, blood centers also have qualified internal resources within their IT departments/programs or with their external vendors/contractors that can help fill the gaps as needed. Some of the biggest challenges in implementing such a large-scale program will be to ensure adoption of and adherence to good cyber hygiene at all levels within the organization. Executives will have to play a critical role in ensuring that such a program is of strategic and operational importance and has their support. Employee awareness and engagement through training will also be critical since they are the last line of defense against attacks. These key points, along with general security practices like following a security standard, performing periodic risk assessments, business impact analysis, ensuring outside vendors and suppliers are patching their applications, business continuity and disaster recovery programs, and hardened information systems, are all key to ensuring that you have a solid program in place.
Maintaining a reliable cybersecurity program is everyone’s shared responsibility. Just as regulators and industry partners are improving their programs, it is critical for blood centers to do the same. There is a reason why blood operators are a part of the nation’s critical infrastructure and directly responsible for ensuring a safe and available blood supply, and we should not let another incident like WannaCry affect that goal.
Sameer Ughade; Director, Information Technology & Business Intelligence