Don Fosen is system director of technology and CISO of Naperville, Ill.-based Edward Elmhurst Healthcare, a health system with more than 50 outpatient locations and 7,700 employees.
Mr. Fosen discusses the programs Edward Elmhurst will implement in the next few years and what his strategic plan is moving forward.
Question: What initiative are you most proud of having led or participated in as a CISO?
Don Fosen: If I had to pick one it would probably be what we have done in regards to security for clinical devices such as infusion pumps and others. We are implementing a comprehensive program that covers inventory management, patching, strict vendor assessments, risk management and mitigation. I think this area is one of the hardest ones for healthcare organizations to deal with. We still have a ways to go but we have made a ton of progress.
Q: How has your role evolved over the past 12 to 24 months and where do you see it headed in the future?
DF: Our IT security program and my focus have really moved to looking at things from a risk management perspective during this time and that focus is increasing. We are implementing a formal Risk Register, Enterprise Risk Management program, and the ServiceNow based governance, risk and compliance tool.
Q: What are the two to three biggest trends in healthcare affecting your decision-making process as a CISO?
DF: The increase in the pace of new vulnerabilities and how quickly they are exploited is a big impact. From WannaCry to Bluekeep we are being forced to deal with these attacks down to the infrastructure level. For instance, our time to restore systems from backup is critical in responding to a large security event. We are treating cybersecurity events that scale like natural disasters and including them in our disaster recovery and business continuity plans.
Another one is the movement of patient monitoring and interactions out to mobile devices that can be at home, at our facilities, or anywhere with the patient in a lot of different form factors. This raises a host of security and support considerations that we are only now are starting to wrap our heads around.
To participate in future Becker's Q&As, contact Laura Dyrda at ldyrda@beckershealthcare.com.
Join us at the Becker's Hospital Review 5th Annual Health IT + Revenue Cycle Conference on Oct. 9-12 - Register here.