As digital healthcare continues to evolve, the avenues health systems store patient records and data have transformed. New innovations in technology, such as cloud-based storage systems and mobile patient access, have changed the perimeters of data security, deeming healthcare as one of the most vulnerable industries to cybersecurity attacks.
These were some of the top issues for CISOs panelists discussed at Becker's Hospital Review 4th Annual Health IT + Revenue Cycle Conference in Chicago, Sept. 19-22.
Here are the three key issues leaders face:
1. Looking at healthcare as an IT industry. The amount of data health systems maintain is continually increasing. Patrick Angel, interim CISO and global security architect at Cleveland Clinic Foundation, said there is an urgent need for health systems to recognize their responsibility when it comes to data protection.
"One of the huge paradigms healthcare needs to really move past is that we're not just a healthcare organization. We're not just here to treat people's physical ailments and treat their bodies and so on. The fact of the matter is that healthcare is now a true information technology industry … All of the data out there says you're an IT shop. Guess what, the bad guys [hackers], they know you're an IT shop. They've been hitting you with ransomware, scamware, phishing [attacks]. They're profiling executives on LinkedIn, they're prowling through Facebook, they know all this. It's obvious. Healthcare just needs to put their arms around it and embrace it."
2. Accepting you will be hacked. It may be uncomfortable but accepting your health system will most likely fall victim to a cybersecurity attack shifts the focus on how to move forward. Gus Malezis, CEO at Imprivata, stressed the importance of restoration of services after an attack, and how this component is often overlooked.
"Restoration of services has been less attended to … It's been all about, 'Well let me stop them [hackers], so they don’t affect the rest of my network.' Well, what if you can't stop them? What if they're everywhere? And you then find that out two days later. How do we restore service so that we can enable our clinicians to deliver the care and life critical service that they deliver?"
3. Shifting to interoperable identities. Point-to-point identities can create gaps, or opportunities, for hackers to break into a network. Hector Rodriguez, worldwide health CISO at Microsoft, explained the benefits of adopting interoperable identities to establish more secure networks.
"We, as healthcare consumers, don't want a hospital or a health plan to give us another identity … you end up with a different identity for every hospital. I have a MyChart identity with my provider. I have a health plan identity with my provider. I have a Microsoft identity. We don’t want that. We don't want to have multiple identities. But, that's what we have to do today. What we want is one interoperable identity that is then managed with different identity policies when we're in these different roles that we have throughout the day."