By Alexander Grijalva, CISO, VillageCare Healthcare’s cybersecurity problem is a half-century old affliction that began with the first step towards digitization. When hospitals introduced computerized systems in the late 1960s and 1970s, they also unwillingly exposed themselves to cyber threats. To cyber criminals, healthcare organizations were “no [longer] viewed as…sacrosanct institutions of mercy” and consequently not immune to computer crime, wrote Robert A. Hershbarger in 1977. Some of the hospital information systems developed in the 1970s (such as the Dutch BAZIS system) incorporated h ..read more

By Mitch Parker, CISO, Indiana University Health The CURES Act Final Rule’s provision requiring healthcare providers to give access to the health information in their electronic medical records without delay is coming on April 5. This means that patients will be able to use their application of choice to access their medical records and store them on their devices. This also means that providers will have to open secured Application Programming Interfaces (APIs) for the applications to access this data. There are security requirements around these APIs, mainly the use of OAuth2 authentication ..read more

By Kate Pierce, CIO & CISO, North Country Hospital In 2020, every healthcare organization was stretched to its limits by the worldwide pandemic. Throughout this historic year, IT was heavily relied upon as an essential component to solving a complex puzzle that changed daily. Instantly enabling and supporting telehealth platforms, moving employees off-site as part of the new remote workforce, and standing up COVID-19 dashboards were common themes of how IT departments responded to the evolving needs. However, interwoven into this complexity was another theme – the significant uptick in se ..read more

By Arthur F. Ream III, Senior Director of IT Applications & Integration | CISO, Cambridge Health Alliance The U.S. FDA’s Center for Devices and Radiological Health (CDRH) has always remained committed to promote and protect public health, including the safe and effective use of medical devices and diagnostic devices that are connected to the Internet, hospital networks, and most any other medical devices. Labs are becoming automated more than ever, which increases the risk on unsecured connected devices as someone can hack and use it to infiltrate the broader organizations infrastructure ..read more

By Shefali Mookencherry, MPH, MSMIS, RHIA, CHPS, HCISPP, CISO, Edward-Elmhurst Health The mitigation of security risks in cloud computing is a challenge to many healthcare organizations. As organizations move to the cloud more frequently, cloud security is a major concern for CIOs and CISOs.   Most organizations fear the loss of control by moving to the cloud. The discussion around security risk in the cloud requires organizations to find the difference between real risk and uneasiness. They may worry about losing control of the data and fear the risks that come with this approach. Orga ..read more

By TJ Mann, Senior Director Cybersecurity & CISO, Children’s Mercy Businesses are moving at the speed of a Ferrari and the massive ongoing digital transformation is fueling it. Indeed, the COVID-19 pandemic has been the reason for many organizational digital transformations, but in reality this has been occurring long before COVID-19. The threat actors are improvising and already a step ahead by tapping into the disruptive technologies powered by AI, machine learning. In this fast-paced business environment, who is responsible for Cybersecurity? Business Units – In most cases, cyber-crim ..read more

By Scott Dresen, SVP & CISO, Spectrum Health The COVID-19 pandemic changed health care dramatically almost overnight. Across the country, those health care systems hit hard early were in crisis mode, trying to manage the overwhelming influx of patients. Those not yet impacted watched with morbid anticipation of the potential impact they might realize as the pandemic spread towards them. All health care systems have made difficult decisions about which services to continue delivering versus those that need to be suspended in order to reallocate resources towards COVID-19 preparation and re ..read more

By Chris Baldwin, System Director (CISO), Hartford Healthcare Maya Angelou, a noted civil rights activist, once said, “hope for the best, prepare for the worst, and be unsurprised by anything in between.” This is useful thinking in support of effective cybersecurity. The French Maginot Line On May 10, 1940, Germany began the invasion of France through the Ardennes Forest in Southeast Belgium. The French believed an attack through this dense, rugged terrain was improbable. They had spent the past nine years and $3b francs constructing a 280-mile fortification called the Maginot Line. The Frenc ..read more