Conference covers latest cybersecurity threats, advice

This week, HIMSS held its Privacy and Security Forum this week putting the focus on cybersecurity.

Richard Clarke, the former White House cybersecurity czar who served three presidents, opened the conference with details about the dismal state of IT security in healthcare.

IT security professionals need to get their leadership off the fixation that cybersecurity is just about protected health information, Clarke said. “I think your leadership believes that.” He said that when breaches happen and organizations offer the victims free credit monitoring, only 8 percent take the offer. That’s because “we have all become inured to the loss of [personally identifiable information]. Tell your leadership there are other things that could happen that have happened in other sectors. Those things inevitably will happen in healthcare.”

Tyler Moore, Tandy assistant professor of cybersecurity and information assurance at the University of Tulsa, said there is little incentive in healthcare to improve IT security. The traditional engineering approach to cybersecurity involved thinking the internet was insecure because there weren’t enough features such as encryption and authentication. So, engineers worked on providing better, cheaper security features but eventually realized that wasn’t enough.

Most people are better at appreciating a hospital’s new building over an increased IT security budget. “As a result, it’s not surprising for organizations to spend their money on things consumers can observe.”

The U.S. healthcare system also lacks robust cybersecurity incident data. Unless required by law, most companies choose not to disclose incidents which means they can’t calculate an accurate estimate of the likelihood of incidents or their costs. That then means they can’t allocate their defensive resources appropriately.

We'll have more coverage from the conference in coming days.

Beth Walsh

Clinical Innovation + Technology editor

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

If the Trump administration continues taking a laissez-faire stance toward AI—including AI used in healthcare—why not let the states go it alone on regulating the technology? 

Boston Scientific has announced another significant M&A deal, scooping up an Israeli medtech company focused on RDN technology. 

Harvard’s David A. Rosman, MD, MBA, explains how moving imaging outside of hospitals could save billions of dollars for U.S. healthcare.