Cybersecurity continues to present as one of the biggest financial risks in healthcare, with the average healthcare organization reportedly spending $1.4 million to recover from a cyberattack. According to a 2018 radware report, “Quantifiable monetary losses can be directly tied to the aftermath of cyberattacks in lost revenue, unexpected budget expenditures and drops in stock values.” Given the potential for such a tremendous financial impact, it makes sense that CFOs are now taking a more active operations role in this area. This is clearly demonstrated in a recent survey in which 85% of CFO respondents stated they seek greater compliance to proactively audit access to protected health information. Cybersecurity as a Team Sport Organizations of all shapes and sizes, in all industries, are challenged with fortifying their cybersecurity defense. In their “2019 Future of Cyber” survey, Deloitte reports that the organizations best equipped to handle evolving cyber risks are those that spread accountability across the organization. It is not surprising that this shift in CFO responsibilities spans many industries, not just healthcare. A recent Forbes article explains: “Today’s CFO knows how to budget, allocate resources, and prioritize cyber defense for the whole organization, so he/she can sleep at night.” The increased CFO responsibilities seem to be beneficial. It’s been found that combining CFO and COO roles have led to improved financial reporting quality, with accruals being relatively more predictive of future cash flows. The broad-based training among those in the top financial role also suggests that CFOs who are given operational control can effectively perform both roles. Archiving Legacy Data Adds to Cybersecurity Defense As CFOs and the entire IT team continue to refine and update the health system’s long-range plan for cybersecurity, it makes sense to include a review of the landscape the team is protecting. Bottom line, a health team’s best defense is to limit the number of systems it needs to safeguard. There are many business reasons to consolidate legacy systems into a single and secure archive, but perhaps the most important is the added security of having less systems at risk for attack. When considering decommissioning legacy systems and determining how to handle legacy data management to shore up the risk factor to your PHI, there are a few things you’ll want to ask any future archiving partner. As the number one firm in data extraction and migration as ranked by Black Book™, we’re also here to answer any questions you have on securing your legacy data. Are you a CFO or part of a team charged with shoring up security and mitigating risks? Let’s talk.