Control Recommendations

- Strengthen access controls with role-based access and multi-factor authentication
- Encrypt patient data in transit and at rest using strong encryption
- Establish reliable offsite backups with versioning and investigate DR options
- Continuously monitor, log and analyze activity with SIEM tools
- Isolate sensitive systems using network segmentation
- Mandate regular security awareness training for all staff
- Conduct external penetration tests and proactively remediate vulnerabilities
- Establish a cybersecurity governance framework and conduct regular audits
- Allocate necessary financial resources for implementation and maintenance

Implementing these evidence-based controls would help optimize security and lower risks to an acceptable level over