Hospitals and health systems are becoming more focused on cybersecurity with the influx of data breaches.
Below are five key quotes from different healthcare cybersecurity leaders.
New York City-based Hospital for Special Surgery Chief Information Security Officer Vikrant Arora
"[One initiative I am proud of is] building a culture of security where most users feel empowered to identify and report security incidents. The response can be in the form of calling the service desk and reporting virus-like behavior, reporting a phishing email or simply reaching out to the security team with questions, even for personal internet security matters. This transition from a technology- or process-centric information security to people centric security information security has been one of the biggest satisfiers.
Naperville, Ill.-based Edward Elmhurst Healthcare Chief Information Security Officer Don Fosen
"The increase in the pace of new vulnerabilities and how quickly they are exploited is a big impact. From WannaCry to Bluekeep we are being forced to deal with these attacks down to the infrastructure level. For instance, our time to restore systems from backup is critical in responding to a large security event. We are treating cybersecurity events that scale like natural disasters and including them in our disaster recovery and business continuity plans."
Lake Chelan (Wash.) Community Hospital CIO Ross Hurd
"Based off the influx in cyberattacks, training staff about cybersecurity is a big task in IT that can go overlooked. I created a program that includes training tests that go out once a month to all staff. We have been testing our staff 40 months. If they fail one of the tests, then they get re-enrolled in cybersecurity training. We are down to 1.6 percent failure. Typically, hospitals aim to be below 3 percent. When we first rolled it out, there were 78 people who failed and now a few months can go by with no failures."
University of California Davis Medical Center researcher Jeff Tully, MD
"The motivations for hacking can be pretty complex and multifactorial. Some people and organizations obviously work for profit, and there are those out there who are just kind of mischief breakers. There are also people who are looking at certain political or economic objectives. My favorite type of hackers is the 'good guy' hackers, or the security researchers who make the system stronger by actually discovering and then fixing vulnerabilities. These people work on medical devices to advocate and improve patients' safety."
Walnut Creek, Calif.-based John Muir Health Chief Information Security Officer Thomas August
"[One initiative I am proud of is] building a program focused on managing real-world risks and threats, not just complying with audit checklists or arbitrary controls frameworks."
More articles about cybersecurity:
UMass Memorial Health Care alerts 4,600 patients of phishing attack
Cybersecurity issue and trends on the horizon: 3 Qs with Edward Elmhurst Healthcare CISO Don Fosen
Don’t overlook cybersecurity training — Why Lake Chelan Community Hospital CIO created his own cyber program