Becker's Hospital Review

October 2021 Issue of Becker's Hospital Review

Issue link: https://beckershealthcare.uberflip.com/i/1412801


SPONSORED BY

Healthcare organizations face unprecedented challenges and risks. Continuing to operate in silos with inconsistent processes and controls will only heighten an organization's risks. Health systems need an enterprise-wide approach to managing risk, built on a foundation of trust and enabled by technology.

Becker's Hospital Review recently spoke with leaders from KPMG LLP and ServiceNow about the current risk landscape that health systems face, the imperative to build trust and resiliency and practical steps organizations can take. We spoke with:

• Lisa Rawls, principal, governance, risk and compliance, KPMG
• Carl Kriebel, managing director, cyber security services, KPMG
• Vishakha Sant, global head healthcare providers, ServiceNow
• Scott Ferguson, director of outbound product management, risk business, ServiceNow

Healthcare organizations face serious challenges and risks

Foremost are cybersecurity risks. Ms. Sant shared data indicating a 75 percent increase in healthcare breaches, impacting 41 million patient records. "Threat actors see the value in healthcare data; it is very lucrative right now," she said. Cyber risks are increased through remote working arrangements, an increased number of connected devices and reliance on third-party vendors.

The problem that security teams and entire enterprises face, Ms. Sant explained, is being in a constant state of impromptu prioritization. She sees leaders wanting to move from being reactionary to being proactive and visionary.

The trusted imperative is a dynamic new approach to managing risk

"When you earn and deserve the trust of all your stakeholders," Ms. Rawls said, "you create a solid platform for responsible growth, confident decision-making, bolder innovation and sustainable advances in performance and efficiency. This is the trusted imperative — a dynamic new approach to risk and regulation for a digital era."

Ms. Rawls emphasized the need for organizations to build a circle of trust with their diverse stakeholders, including patients and customers, partners and suppliers, regulators, investors, communities and employees. She touched on programs that organizations are implementing to build greater trust, such as enterprise and operational risk, technology risk and cyber, business continuity, data governance, operational resilience, environmental social governance (ESG) and more.

The value and benefits of being trusted include being better prepared, more informed and more respected. "Organizations that are trusted by their stakeholders grow responsibly, innovate boldly, confidently secure their place in the digital era and are prepared for tomorrow," Ms. Rawls said.

Embracing the trusted imperative goes beyond typical check-the-box compliance exercises. It represents a shift in mindset. A mindset of trust reflects an understanding that a dynamic risk environment doesn't present threats and challenges just to the enterprise itself, but to all stakeholders with an interest in the organization.

Healthcare organizations are advised to take a practical, intentional approach to building trust

"Trust is earned in drops but lost in buckets," Mr. Ferguson said. "When you lose the trust of your stakeholders, it's not something you can just flip a switch and get back. It's something you have to earn over time, which means we have to have a very practical approach to how we're going to earn that trust."

Among the steps to build trust are to assess and prioritize risks and security incidents, accelerate reaction time to respond to risks and continuously monitor.

In addition, Mr. Ferguson stressed that "operational resilience is a business differentiator." The four pillars of operational resilience are technology, people, facilities and third parties. Those pillars need to be leveraged across the operational resilience lifecycle, which consists of anticipate, prevent, respond/recover and adapt.

Mr. Ferguson shared that a key practical takeaway is to break silos by bringing together security, IT, HR, vendor management, facilities, finance, and other parts of the organization to prioritize what's important and build enterprise-wide resilience. "This [collaborative approach] allows effectively using information to make risk-informed decisions in real time as an organization. This is how you can be successful as an organization, earn the trust of stakeholders and embed risk across the entire enterprise."

A proactive approach to managing risk is a more effective approach

Mr. Kriebel suggested that organizations consider four proactive steps:

1. Adopt a trusted mindset across the entire organization.
2. Consider strategic technology enhancements to proactively enable a trusted strategy.
3. Improve the dialog between the board and oversight committees.
4. Enhance governance structures to proactively mitigate the risks of expanding attack surfaces.

"Organizations need to be more formal about achieving trust," Mr. Kriebel said. "Those organizations that exhibit these behaviors will be well prepared to begin that journey of being more trusted."

Dynamic risk management in the digital era

Improving business performance, turning risk and compliance into opportunities, developing strategies and enhancing value are at the core of what we do for leading organizations.

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.
