Our healthcare industry is faced with the escalation of large scale sophisticated cybersecurity attacks. To tackle this important issue, the HIMSS Foundation Institute for e-Health Policy http://apps.himss.org/foundation, CHIME http://chimecentral.org, and the Association for Executives in Health Information Security (AEHIS) http://ashis.org presented a briefing titled “Cybersecurity in Healthcare: The Growing Challenge of Securing Patient Data” on October 6, 2015.
Moderator Tom Leary, Executive Director, HIMSS Foundation & Vice President, Government Relations welcomed the panelists and attendees at the briefing held during National Cyber Security Awareness Month 2015 and also during health IT week.
Thoughts and ideas presented by panelists discussed in-depth the healthcare cybersecurity landscape, real world experiences with cyberattacks, and the unique challenges facing healthcare providers and patients.
Lee Kim JD, Director, Privacy & Security at HIMSS reports that in the present state of cybersecurity, there are many existing new threats, along with organized cybercrimes, phishing, malware, botnets, and hack twists all trying to do malicious harm.
As Kim explained, “Today, there is no single source for cyber threat intelligence so what is needed is a central pipeline portal in real-time to provide information. To add to the complexity of the issue, there are no standards able to measure compliance and no regulations to support or encourage data sharing and the exchange of information.”
She adds, “As a society, it is important for the U.S. to invest in new solutions, educate Boards of Directors and C Suite executives to make cybersecurity the priority and be open to upgrading legacy systems, software, and devices. We must deter sophisticated cyber criminals and prosecute those criminals to better secure our healthcare borders.”
One day panelist Randy McCleese, Vice President of Information Systems & CIO at St Claire Regional Medical Center www.st-claire.org, in Morehead, Kentucky realized how vulnerable and how important it is to maintain security at the St. Claire 159 bed hospital located in a small town in Kentucky.
He realized the importance of security when it was reported that that there are 6.3 hits on networks every second. To deal with the enormous issue of cybersecurity, he wants to reach out to not only others in Kentucky but also take advantage of the knowledge available in universities along with their knowledge of technology to help the industry cope and deal with security issues.
Aaron Miri, CIO, Walnut Hill Medical Center www.walnuthillmc.com in Dallas, Texas had his wakeup moment when suddenly he realized that the network at the medical center was being monitored. He suddenly realized how the healthcare industry is a soft target and very easy to penetrate
In the case of Matthew Snyder, Chief Information Security Officer, at Penn State Milton S. Hershey Medical Center www.pennstatehershey.org, was amazed when he found out that a targeted sophisticated attack directed at the Medical Center was well thought out. He suddenly realized that there was no silver bullet to address sophisticated organized crime such as cybercrime.
According to Timothy Zoph, Senior Vice President, Administration, Northwestern Medicine www.nm.org, in Chicago, he began to realize on 9/11 how important it is for hospitals to have survivable reliable information systems to be able to manage patients that will effectively work even during times when disasters occur.
He said, “We must learn from other sectors such as the financial sector on how to effectively manage information.” He explained that the level of management is different in the healthcare industry than in other industries. As he pointed out, “What makes it urgent for the healthcare industry is that the street value of medical records out paces even the value of obtaining financial records.