How about this scenario: The technology that had allowed one nurse to safely keep watch over 20 patients at a centralized station is down, meaning a lot more clinicians are suddenly needed to cover the same load. What will you do? This is the type of emergency that Tomislav (Tom) Mustac, Mount Sinai Health System’s […]
Paul Curylo, VP/CIO for Inova Health System says the bad guys may always be on your heels, but you can ward them off, to some extent, with cyber-hygiene — getting back to basics. Second to that, focus on business continuity.
It’s impossible to balance cyber risk with medical necessity without spending time “in the foxhole” with the clinicians to learn how and why they use the technology, according to Jack Kufahl, chief information security officer (CISO) at Michigan Medicine, the medical center affiliated with the University of Michigan
When it comes to getting a healthcare organization’s cybersecurity house in order, Joshua Roth, CISO at Children’s Hospital of Orange County (CHOC), says he starts with four things: the people, the processes, the technology stack, and managed services – and then looks to tackle the low-hanging fruit. In this interview with Anthony Guerra, healthsystemCIO founder […]
Two or three healthcare organizations a day are falling victim to a ransomware attack, according to Esmond Kane, chief information security officer (CISO), of Steward Health Care and former CISO for Harvard. The way to fight that is to use creativity, perseverance and innovation, he says.
Rather than thinking outside of the box, Greg Garneau, CISO at Marshfield Clinic Health System, believes it’s simply time to “start thinking in ways you’ve never thought before.” In this podcast, he talks about the “talent war” facing healthcare organizations – especially those in rural areas, and the decentralized leadership approach.
Hugo Lai says the key to CISO peace of mind is being thoughtful and conscientious, documenting steps taken, and then not worrying endlessly.
“Protecting workstations in their traditional form is not a technique that scales any longer,” says Keith Duemling, director of cybersecurity technology protection at the Cleveland Clinic. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Duemling talks about how he and his team of cybersecurity engineers have no small task tackling “the sheer magnitude and scale of security” at the clinic, which involves literally thousands of vendors. Third-party risk is a key trend to watch, but so is the increase in patient-owned devices being used for diagnostic purposes, Duemling says. “It’s really challenging because obviously you can’t deploy traditional tools onto someone’s privately owned device, but you are, to some degree, still responsible for the protection of their information, and certainly their protection when it comes to the care that they receive.” Ultimately, it requires building strong relationships in the enterprise and getting out in front of demand when it comes to IT.
While funding and staffing for IT security teams may not be on the rise, the number of third-parties that health systems are using – and thus the number of potential attack vectors into those health systems – is, leaving CISOs in the unenviable position of having to figure out how to more with less, says Alfonso Powers, CISO at Asante. To accomplish that, he’s looking at automation and other technologies. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Powers goes into detail on how he manages third-party risk, his experiences navigating a ransomware event, and how he tries to ensure a healthy work/life balance for him and his team.
Erik Decker, VP and CISO at Intermountain Healthcare, says consistently getting the basics of cybersecurity right goes a very long way to keeping an organization secure.