Cybersecurity was one of the many highlighted topics during HIMSS 2017 in Orlando, with a number of presentations focusing on industry efforts to secure patient information while still being able to share it. Hussein Syed, chief security information officer at RWJBarnabas Health, and Ladi Adefala, MBA, senior security strategist at Fortinet, discussed how healthcare must adapt to protect patients.
Healthcare is becoming increasingly dependent on technology; the healthcare cloud market alone is expected to reach $9.5 billion by 2020. With 80 percent of organizations reporting a “significant security incident,” the healthcare market has become a common target for hackers all over the world. Syed and Adefala presented a number of approaches to tackle security problems and covered current trends in implementing security programs.
More than 16.4 million patient records were breached in 2016, according to HHS, suggesting healthcare could be one of the weaker industries when it comes to protecting consumers. Syed and Adefala said one problem faced by the industry is the diversity of technology—with wearables, remote monitoring and electronic health records (EHRs). They also said only 10 percent of organizations are confident in their abilities to prevent data breaches and defend themselves from hackers.
The presenters explained the challenges of combining cloud computing and micro-segmentation. Different ports to access patient information—such as workstations, kiosks, data centers and applications—and weak security protocols in place can make healthcare a sitting duck. As an example of what works in cybersecurity, Syed explained the network design of RWJBarnabas Health as a way to build a stronger core in security. Using RWJBarnabas, Syed showcased how each aspect of the healthcare organization is connected and built upon a framework for secure cloud sharing, while also divided and monitored by separate entities to protect against cyberattacks and improve the company's response.
RWJBarnabas’s network flows information to each entity within the healthcare system, from the hospital to the cloud or medical office. Passing through the “core” monitoring base adds barriers to each port of entry for healthcare information. Multiple eyes monitoring the influx of information improves data sharing, privacy and security.
Syed and Adefala urged healthcare organizations to develop a security framework that includes performing routine risk assessments, developing a strategic three-year plan to prepare for the future security of patient data and having a clear focus on incident response.