HIMSS 2017: Experts encourage efforts to improve cybersecurity, breach response

Cybersecurity was one of the many highlighted topics during HIMSS 2017 in Orlando, with a number of presentations focusing on industry efforts to secure patient information and still be able to share such information. Hussein Syed, chief security information officer at RWJBarnabas Health, and Ladi Adefala, MBA, senior security strategist at Fortinet, discussed how healthcare must adapt to protect patients.

Healthcare is becoming increasingly dependent on technology; the healthcare cloud market alone is expected to reach $9.5 billion by 2020. With 80 percent of organizations reporting a “significant security incident," the healthcare market has become a common target for hackers all over the world. Syed and Adefala presented a number of approaches to tackle security problems and covered current trends in implementing security programs.

More than 16.4 million patient records were breached in 2016, according to HHS, suggesting healthcare could be one of the weaker industries when it comes to protecting consumers. Syed and Adefala said one problem faced by the industry is the diversity of technology—with wearables, remote monitoring and electronic health records (EHRs). They also said only 10 percent of organizations are confident in their abilities to prevent data breaches and defend themselves from hackers.

The presenters explained challenges of combining cloud computing and micro segmentation. Different ports to access patient information—such as workstations, kiosks, data centers and applications—and low security protocols in place can make healthcare a sitting duck. As an example of what works in cybersecurity, Syed explained the network design of RWJBarnabas Health as a way to build a stronger core in security. In RWJBarnabas, Syed showcased how each aspect of the healthcare organization is connected and built upon a framework for secure cloud sharing, while also divided and monitored by separate entities to protect against cyber-attacks and improve the company's response.

RWJBarnabas’s network flows information to each entity within the healthcare system, from the hospital to the cloud or medical office. Passing through the “core” monitoring base adds barriers to each port of entry for healthcare information. Multiple eyes monitoring the influx of information improves data sharing, privacy and security.

Syed and Adefala urged healthcare organization to develop a framework of security that includes performing routine risk assessments, developing a strategic three-year plan to prepare for future security of patient data and having a clear focus on incident response. 

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”