Beyond passwords: How NIST cybersecurity framework gives risk management a boost

Healthcare organizations can utilize the NIST Cybersecurity Framework to help manage enterprise security and mitigate various risks. Barry Herrin, founder of Herrin Health Law, suggests that the framework can be expanded beyond data security to address other kinds of security threats. Organizations must focus on people, processes, and technology, rather than solely relying on technology, to effectively manage risks. The framework’s access control provisions, for example, can help organizations improve their protection against insider threats and vulnerabilities. Implementing controls and reorienting thinking about cybersecurity risk management is crucial for better protection.