Coming off several years of a pandemic and the associated public health emergency, the healthcare industry continues to face complex and unpredictable risks in 2024 that could have long-lasting impacts across several critical areas. Healthcare internal auditors play an important role in helping their organizations manage potential risks, stay on top of regulatory compliance, optimize operations and address other pressing concerns. The latest Healthcare Internal Audit Plan Priorities Study, conducted by Protiviti and the Association of Healthcare Internal Auditors (AHIA), revealed six key areas of focus for internal auditors.

Key findings include: 

• Business Resiliency: Evaluating plans for continuing critical business functions if/when key systems or vendors are unavailable for extended periods.
• Penetration Testing and Vulnerability Management: Regular scanning across environments, testing the effectiveness of controls through penetration tests and adversary simulations, and tracking the remediation of identified issues. 
• Incident Response: Establishing a process to identify, respond to and learn from cybersecurity incidents; having a designated response team to react quickly to threats and minimize their impact; and regularly testing the incident response plan to facilitate effectiveness in real-world scenarios.
• Social Engineering Awareness: Expanding beyond phishing campaigns to include awareness of various techniques, preventive measures and proper protocols.