Hospital IT security presents many unique challenges that must be solved by the entire organization. Network and computer threats can cause thousands of dollars in lost time and resources, legal repercussions, and damaged repu- tation. Despite warnings from a wealth of public breach notifications, many hospitals are inadequately prepared to deal with today’s computer-based at- tacks.
This thesis explores the root causes of hospital network and computer in- security, and addresses these problems with methods implemented in actual hospitals. A lack of comprehension of methods to assess and implement secu- rity measures by hospital IT security employees can hinder network visibility and prevent their ability to stop threats. In addition, these same people are unable to express security concerns in terms management can understand, harming their credibility within the business as a whole. Without this sup- port, organizational change is impossible. By addressing these concerns with a combination of people, process, and tools, we can solve complex problems, protect patient data, and ensure IT operations so hospitals can serve their community and save lives.