U.S. health association offers hospitals, healthcare systems 17-point cybersecurity plan

Note: This is a summary of information produced by the source under Full Article below. All questions should be directed to the original news source.

NBHC Care Experience
December 19, 2017

The American Health Information Management Association (AHIMA), a consortium of health information management professionals and organizations, published recommendations for hospital cybersecurity approaches. It recommends a model that emphasizes competency in privacy, security, IT governance, enterprise information management, data governance, legal and regulatory, and awareness and adherence. Here are AHIMA's 17 guidelines:

  1. Conduct a risk analysis of all applications and systems.
  2. Recognize record retention as a cybersecurity issue.
  3. Patch vulnerable systems.
  4. Deploy advanced security endpoint solutions that provide more effective protections than standard antivirus tools.
  5. Encrypt workstations, smartphones, tablets, laptops, backups and portable media.
  6. Improve identity and access management.
  7. Refine web filtering, block bad traffic.
  8. Implement mobile device management.
  9. Develop incident response capability.
  10. Monitor audit logs for selected systems.
  11. Leverage existing security tools like intrusion prevention systems or intrusion detection systems to detect unauthorized activities.
  12. Evaluate business associates.
  13. Improve tools and conduct an internal phishing campaign.
  14. Hire an outside security firm to conduct technical and non-technical evaluations.
  15. Prepare a 'State of the Union' type presentation for an organization's leaders on cybersecurity.
  16. Apply a 'defense in depth' strategy.
  17. Detect and prevent intrusion.
Full article link