
Healthcare IT Security: Discussing the Challenges, Risks, and Strategies to Prevent Cyber Attacks

By Jennings Aske, Chief Information Security Officer, NewYork-Presbyterian


• What are the best ways healthcare organizations can defend against cybersecurity threats?

o Healthcare organizations should adopt a cyber framework and not only focus on HIPAA, as the requirements defined by HIPAA by themselves do not adequately address cyber risks. Cyber frameworks such as the NIST Cybersecurity Framework or the CIS Critical Security Controls are purpose-built for today’s cyber risk environment. In my opinion, these frameworks fill in the “gaps” in HIPAA’s requirements.

• Are there any current healthcare IT security trends that are actually helping to protect hospitals and healthcare organizations from cyber security threats? If so, what are they?

o No. Healthcare is increasingly using technology, and thus is increasingly susceptible to the challenges of using technology. Healthcare isn’t turning back to paper, so these challenges are here to stay.

• Please outline a few IT security challenges that the healthcare industry faces. What is NYP doing to address similar or other challenges?

o Healthcare faces the same challenges as every industry, ranging from patching servers in a timely manner to ensuring that the supply chain is secure. I think the distinction for healthcare is that many organizations are late to understanding the importance of security as a patient safety measure. NewYork-Presbyterian’s Board and CEO level understands the criticality of information security to delivering safe and effective patient care. NewYork-Presbyterian has embraced cyber frameworks, and is investing in cyber technologies deployed in other industry verticals.

• How are medical devices also at risk of cyber attacks, and what can be done to safeguard them?

o Medical devices are currently a major risk for healthcare organizations as the device manufacturers have all too often focused on functionality over security controls. And, at times, physicians have opposed controls being added to devices because they viewed the controls as burdensome (e.g., having to log in to a medical device). NewYork-Presbyterian is actively engaging device manufacturers on the security of their products, as well as joining MDISS, an organization that offers a promising means for collaboration between manufacturers and healthcare organizations.

• Healthcare IoT security issues: Are there potential long-term risks for the healthcare industry if massive cyber security breaches continue?

o Healthcare is increasingly using internet-connected medical devices, telehealth, and other cutting technologies to deliver more timely and efficient care. However, these initiatives are at risk if healthcare does not adopt cyber controls to protect this information and the systems supporting these new initiatives.

• Hospitals have lots of information but can’t always find ways to use it effectively to drive business. Data is both difficult to access and needed by more applications. How do you examine the effective and proactive use of data—how to consolidate, integrate and use it to drive business?

o Multiple leaders and groups at NewYork-Presbyterian look at this issue, including our analytics team, Chief Transformation Officer, and leaders across all departments. NewYork-Presbyterian is becoming increasingly effective at utilizing information because we have focused on collaboration, and breaking down silos between business lines and IT. This has led to innovative programs such as our telehealth initiatives, including our NYP OnDemand platform which provides for capabilities such as digital second opinions, virtual visits and TeleStroke care.

• With your rich experience of managing IT organization and steering technology for your industry, can you please share some of the unique lessons learned and your advice for CISOs and IT leaders?

o The most important lesson is to listen and be open to ideas. IT leaders can be siloed from the individuals and business functions they support. Collaboration starts with listening to the business and working together on solutions.
