How CFOs Can Prioritize Cybersecurity

By Marie DeFreitas

Ever since the healthcare industry was shaken by the massive Change Healthcare ransomware attack, tensions have been high. But are health systems acting on that tension with data protection strategies?

With the increasing frequency of cyberattacks, it’s crucial for CFOs to ensure that both financial resources and strategic planning are aligned to protect sensitive patient data and maintain operational integrity.

The repercussions of a data breach can be devastating, leading to significant financial losses, reputational damage, and legal penalties. According to the American Hospital Association, as of October 7, 2024, 386 healthcare cyberattacks have been reported. Although the average cost associated with a cyberattack has dropped from $10 million in 2023 to $9.8 million in 2024, that cost still outweighs the cost in many other sectors, making healthcare the most expensive industry for such incidents.

Fostering a culture of cyber awareness

The first step is education. What are the first signs of a potential cyberattack? Would staff be able to recognize these signs? CFOs must educate themselves on the different factors that go into cybersecurity preparation, while ensuring that the entire organization has a strong awareness of cybersecurity and everyone’s role in protecting data.

CFOs can collaborate with CTOs and administrative staff to implement regular training and education for staff on recognizing and responding to cyber threats, which can significantly reduce vulnerability. By making cybersecurity a shared responsibility, CFOs can enhance their organization’s resilience against attacks.

In building the financial case for cybersecurity, CFOs should examine which cybersecurity investments are right for their organization. They should examine all the advanced solutions available, including firewalls, intrusion detection systems, and endpoint protection. AI-powered solutions can also proactively identify and respond to cyber threats, reducing response times and potential damage.

Data encryption and access control

CFOs can collaborate with CTOs to get into the nitty-gritty of data protection.

They can protect sensitive information by implementing robust encryption protocols for data storage and transmission. They can also establish strict access controls and authentication measures to minimize the risk of unauthorized access to patient data. As a case in point, according to court testimony, outdated security protection was a critical factor in enabling the Change Healthcare attack to affect so many organizations.

CFOs can also look into investing in upgraded collaboration tools, such as secure messaging and collaboration platforms that enable staff to share information efficiently while ensuring data protection. These tools can streamline workflows and enhance interdepartmental communication without compromising security.

Measuring ROI on cybersecurity investments

Lastly, CFOs can measure the ROI of their cybersecurity investments to know whether the systems truly are making a difference. With strategic KPIs in place, CFOs can determine whether these actions have reduced the number of cybersecurity incidents, improved response times when incidents do take place, and kept the organization in compliance with regulatory standards.

Marie DeFreitas is the CFO editor for HealthLeaders.