Privacy & Security

More on Strategic Planning

Can't afford a security chief? Here are the alternatives

Hospitals and medical groups with limited security resources still have leadership options in managed care providers and virtual CISOs.

Susan Morse, Senior Editor

Particularly for smaller hospitals and medical groups, hiring a full-time chief information security officer can be a stretch of the budget and resources. But patient data must still be protected because smaller organizations face many of the same risks larger systems do.

So cybersecurity responsibility often falls to the CIO, the IT director, or, even to a certain extent, the hospital's EHR vendor, none of which are traditionally aligned with a cyber role.