Insights in Security

Many healthcare security programs have developed reactively, lacking clear governance structures that align with modern risk realities. Establishing foundational governance—through defined organizational ownership, a formal charter, and aligned risk management practices—is essential to maturing these programs and protecting people, assets, and reputation.

The annual comprehensive security risk assessments required by various laws, regulations, and compliance bodies are essential components of a healthcare security program. However, leading and lagging indicators can arise anytime, signaling that a supplemental security review is appropriate or urgently needed. This article explores the key signals to watch for to keep your security program in alignment with your ever-evolving care environment.

The recent Wall Street Journal article, “U.S. Secret Service, CISA Host Cybersecurity Training for Critical-Infrastructure Directors” (Rundle, 2024), highlighted the need to understand the often-overlooked network penetration risks that exist beyond standard cybersecurity protection tools and methods.