HIMSS 2017: Experts encourage efforts to improve cybersecurity, breach response

Cybersecurity was one of the many highlighted topics during HIMSS 2017 in Orlando, with a number of presentations focusing on industry efforts to secure patient information and still be able to share such information. Hussein Syed, chief security information officer at RWJBarnabas Health, and Ladi Adefala, MBA, senior security strategist at Fortinet, discussed how healthcare must adapt to protect patients.

Healthcare is becoming increasingly dependent on technology; the healthcare cloud market alone is expected to reach $9.5 billion by 2020. With 80 percent of organizations reporting a “significant security incident," the healthcare market has become a common target for hackers all over the world. Syed and Adefala presented a number of approaches to tackle security problems and covered current trends in implementing security programs.

More than 16.4 million patient records were breached in 2016, according to HHS, suggesting healthcare could be one of the weaker industries when it comes to protecting consumers. Syed and Adefala said one problem faced by the industry is the diversity of technology—with wearables, remote monitoring and electronic health records (EHRs). They also said only 10 percent of organizations are confident in their abilities to prevent data breaches and defend themselves from hackers.

The presenters explained challenges of combining cloud computing and micro segmentation. Different ports to access patient information—such as workstations, kiosks, data centers and applications—and low security protocols in place can make healthcare a sitting duck. As an example of what works in cybersecurity, Syed explained the network design of RWJBarnabas Health as a way to build a stronger core in security. In RWJBarnabas, Syed showcased how each aspect of the healthcare organization is connected and built upon a framework for secure cloud sharing, while also divided and monitored by separate entities to protect against cyber-attacks and improve the company's response.

RWJBarnabas’s network flows information to each entity within the healthcare system, from the hospital to the cloud or medical office. Passing through the “core” monitoring base adds barriers to each port of entry for healthcare information. Multiple eyes monitoring the influx of information improves data sharing, privacy and security.

Syed and Adefala urged healthcare organization to develop a framework of security that includes performing routine risk assessments, developing a strategic three-year plan to prepare for future security of patient data and having a clear focus on incident response. 

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Around the web

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more. 

Updated compensation data includes good news for multiple subspecialties. The new report also examines private equity's impact on employment models and how much male cardiologists earn compared to females.

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country. 

Trimed Popup
Trimed Popup