Demystifying CFO’s Role In Cyber Security

With the healthcare industry growing at a rapid pace, security has invariably become a major concern, especially after the recent, massive malware attack that tore through more than 150 countries and affected millions, including the top transcription vendor of the U.S. healthcare industry. KPMG International[1] concluded in its survey that 80% of healthcare providers and payers have had their IT compromised by cyber-attacks. All of this points to significant vulnerabilities at the intersection of technology and medicine.

So What Is a Ransomware Attack?

Typically, ransomware is malicious software that affects your systems in ways such as:

  1. Files on your systems are encrypted, and only the attacker holds the key needed to decrypt them.
  2. It locks you out of your entire system and demands a ransom to restore access.

Paying the ransom does not guarantee that the key will ever be delivered; tested, offline backups are the only reliable way back.
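The first point has a defender-side consequence: ciphertext is statistically different from the documents it replaces, so a file server that suddenly receives a burst of near-random writes from one workstation is worth an alert. The following is an added example (not code from the original post or from ezDI) of that detection logic run over a constructed audit trail. It assumes file-share audit events are available as (timestamp, host, operation, path, content) records; the event shape, the host names, the 60-second window, the burst size of 5 and the 7.0 bits-per-byte entropy threshold are all assumptions made for the example.

```python
"""Ransomware-activity detector over file-server audit events.

Added example, not code from the original post or from ezDI. It assumes
(nothing on the page says so) that file-share audit events are available as
(timestamp, host, operation, path, content) records and that a burst of
high-entropy writes to unexpected file types from one host is a ransomware
indicator worth alerting on.
"""
import math
import random
from collections import Counter, defaultdict, deque
from typing import Deque, Dict, Iterable, List, Optional, Tuple

# ts (seconds), host, operation, path, written content (None for non-writes)
Event = Tuple[int, str, str, str, Optional[bytes]]

# Legitimate content of these types is already compressed or encrypted and
# therefore high-entropy; it must not count toward the burst on its own.
HIGH_ENTROPY_OK = {"zip", "gz", "7z", "png", "jpg", "jpeg", "pdf", "mp4"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly random data, roughly 4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extension(path: str) -> str:
    """Lower-cased final extension of the file name, '' if there is none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_ransomware(events: Iterable[Event], window: int = 60, burst: int = 5,
                      entropy_threshold: float = 7.0) -> List[Dict]:
    """Return one alert per host that writes `burst` or more high-entropy files
    with unexpected extensions inside any `window`-second span."""
    recent: Dict[str, Deque[Tuple[int, str]]] = defaultdict(deque)
    alerts: Dict[str, Dict] = {}
    for ts, host, op, path, content in sorted(events, key=lambda e: e[0]):
        if op != "WRITE" or content is None or extension(path) in HIGH_ENTROPY_OK:
            continue
        if shannon_entropy(content) < entropy_threshold:
            continue  # looks like plaintext: ordinary document activity
        q = recent[host]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop suspicious writes that fell out of the window
        if len(q) >= burst and host not in alerts:
            alerts[host] = {
                "host": host,
                "first_seen": q[0][0],
                "last_seen": ts,
                "count": len(q),
                "sample_paths": [p for _, p in list(q)[:3]],
            }
    return list(alerts.values())


def constructed_events() -> List[Event]:
    """Constructed sample audit trail (not real data), deterministic via a fixed seed."""
    rng = random.Random(1)

    def ciphertext(n: int = 4096) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    plaintext = b"Patient discharge summary. Follow-up visit in two weeks. " * 80
    events: List[Event] = [
        # Normal activity on ws02: a plaintext note and one legitimate archive.
        (0, "ws02", "WRITE", "/shares/records/note_1.txt", plaintext),
        (5, "ws02", "WRITE", "/shares/records/backup.zip", ciphertext()),
        (7, "ws02", "RENAME", "/shares/records/note_1.txt", None),
    ]
    # Ransomware-like burst on ws01: six documents overwritten with ciphertext in 25 s.
    for i in range(6):
        events.append((10 + 5 * i, "ws01", "WRITE",
                       f"/shares/records/patient_{i:03d}.docx.locked", ciphertext()))
    # Slow trickle on ws03: three opaque files over five minutes, below the burst size.
    for i in range(3):
        events.append((100 + 100 * i, "ws03", "WRITE", f"/shares/img/scan_{i}.dat", ciphertext()))
    return events


if __name__ == "__main__":
    for alert in detect_ransomware(constructed_events()):
        print(alert)
```

Running the block prints one alert, for ws01, raised on its fifth ciphertext write. The entropy heuristic is deliberately crude: compressed images, archives and already-encrypted files are high-entropy by nature, which is why the example skips those extensions, and a real deployment would tune the window and burst size against the share's normal write rate before paging anyone.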

Impact of Cyber Attacks

The 2017 IBM and Ponemon Institute[2] study reveals that the average total cost of a data breach for a healthcare organization is a whopping $7.35 million. These attacks cause serious complications that result in delayed treatment and poor quality of care, which can in turn lead to deaths and negative cash flow, damaging both the bottom line and the reputation of the hospital. Adding to this is the cost of regulatory non-compliance: the average HIPAA settlement is approximately $1.1 million, and this figure keeps rising as HHS becomes more aggressive in enforcing HIPAA regulations[3].

Data breach events with legal consequences damage a healthcare organization's brand image and have caused share prices to fall by an average of 6%. The same Ponemon Institute[4] study found that 65% of customers lost trust in the breached organization and 31% of consumers discontinued their relationship with it.

Cyber Security Plan 101

Every hospital CFO needs a bird's-eye view of the whole threat landscape in order to allocate funds and resources to the areas most susceptible to attack. That makes CFOs exceptionally important to an organization's cyber defense strategy.

Here are the key points CFOs must prioritize and follow:

  • Develop a Cyber Security Mindset Throughout the Organization: Set up procedures and processes that create continuous education, awareness, and training across the organization, because it takes only one unaware employee opening a malicious attachment to bring down the entire system.
  • Identify, Prioritize and Safeguard Crucial Data: Identify the data that is absolutely necessary and cannot be compromised. This helps you allocate funds appropriately and put stronger protective mechanisms around it.
  • Invest in a Risk-Based Cybersecurity Framework: Frequently implemented frameworks are ISO 27001 and the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework. They help hospitals identify, prioritize, mitigate and communicate risks internally and externally, and they help design, monitor and measure goals for an improving cyber security program.
  • Harness the Dynamism of Cloud-Based Cyber Security: Cloud-based security services leverage advanced technologies for data security, network protection and identity & access management. They include services such as advanced authentication, penetration and vulnerability testing, real-time threat monitoring, network behavior analysis and security alert analysis. Done well, this yields strong security, minimal downtime, faster data recovery, easy scalability of applications and high availability of data; it does not remove the hospital's own responsibility for configuring access controls and backups correctly.
  • Invest in Cyber Security Insurance: Cyber adversaries find sophisticated ways to circumvent security safeguards. Cyber insurance that covers denial-of-service attacks, data destruction, fraud and extortion mitigates the financial impact of an incident. Other key areas of coverage include crisis management, data restoration and business interruption.
  • Evaluate Incident Detection & Monitoring Mechanisms: Keep a list of contact information for key people at your network and internet service providers. Maintain a holistic network map that supports what-if analysis and serves as a visual tool while diagnosing a threat.
  • Review Your Data Breach Response Plan: Keep your primary focus on what you would do in the event of a breach of crucial data. Work with your network security partners to compose a threat-based series of responses that reflect current industry best practices, and exercise the plan periodically rather than leaving it on paper.
  • Collect and Analyze Security Risk Reports on a Periodic Basis: Based on specific risk indicators, the detailed reports should identify privacy and security risks, vulnerable spots, and the steps needed to mitigate them.
  • Evaluate Current Technology: Make sure your systems are patched and upgraded on a regular basis and are monitored in real time. Avoid dependence on legacy data centers that are prone to security loopholes, corruption, outages and failures.
  • Monitor Your Software Vendors' Capabilities: Work with your CIO and CISO to evaluate, validate and mitigate security concerns after understanding each vendor's data handling, encryption methods, disaster recovery procedures and third-party accreditations, along with the background checks performed on the people who have access to your data.

Research by the Identity Theft Resource Center[5] shows that in 2017 the U.S. healthcare industry leads in the number of records compromised (57% of total records). The sheer frequency of these attacks, the evolution of more complex attacks and the lack of sufficient security protection must push hospital CFOs to pull up their socks and manage cybersecurity effectively.


  1. https://assets.kpmg.com/content/dam/kpmg/pdf/2015/09/cyber-health-care-survey-kpmg-2015.pdf
  2. https://www.theatlantic.com/technology/archive/2016/02/hackers-are-holding-a-hospitals-patient-data-ransom/463008/
  3. http://marketing.protenus.com/hubfs/Content/20160923_Cost_of_a_Breach.pdf
  4. https://www.centrify.com/media/4737054/ponemon_data_breach_impact_study.pdf
  5. http://247wallst.com/technology-3/2017/03/15/more-than-300-data-breaches-to-date-in-2017/

About ezDI

Headquartered in Louisville, Kentucky, ezDI, Inc. focuses on developing healthcare IT solutions that leverage cutting-edge technologies including Natural Language Processing (NLP), Machine Learning, Semantic Web, and High Performance Cloud Computing. The goal is to put operational data in the hands of healthcare professionals to help them proactively identify patients at risk, patterns in disease and treatment outcomes. ezDI builds intuitive healthcare IT solutions spanning Clinical Documentation Improvement (CDI), Computer-assisted Coding (CAC), Medical Transcription, Analytics, and more. ezDI has been named as one of the top 100 highly innovative companies at TiECon 2014 and ranked #1 in the Semantic Evaluation of Clinical Data (SemEval) competition for the year 2015.

Chetan Parikh

Chetan, a serial entrepreneur, has more than 15 years of experience. As the CEO of EZDI, he is responsible for the overall growth of the company. At heart, he is a technologist. He strongly believes that for any company to become a significant and formidable player, a strong technology backbone is essential. He has initiated various initiatives and collaborations, which have resulted in EZDI's technological advantage. Chetan is a certified Six Sigma Black Belt and holds various patents. He is an avid reader and a charter member of TiE Ahmedabad. He is also a co-founder of Mediscribes.