Like any risk measure, the level of insider risk in a health system is never static, despite the fleeting comfort a snapshot might provide. Thus, it’s helpful for security and privacy professionals to contemplate the reasons spikes occur so mitigation measures can be implemented at the right time and place. For example, if we consider that issuing new user credentials increases risk (at least until training and education can have an impact), then hiring, firing, and poorly handled identity and access management can cause insider risk levels to spike. Of course that’s not even to mention M&A, which can increase a health system’s risk profile by thousands of employees and hundreds of applications from one day to the next. So what’s an IT executive or privacy officer to do? In this timely webinar, we’ll speak to leaders who are focused on managing insider risk so spikes can be addressed as efficiently as possible, and fines from HHS/OCR avoided.
Rethinking Business Responsibility in Ransomware-focused Catastrophic Downtime Planning
The recent rash of ransomware-induced outages has truly created a “not if, but when” dynamic for health systems. And with that feeling must come a commitment on the part of all leaders to ensure their organizations can continue safely treating patients and maintaining critical business operations during such an ordeal. To do that, downtime plans need to be revisited, tabletops conducted, and playbooks revised — not just once, but regularly. When it comes to IT leaders, the question has been: how can they best play their parts? How much of preparing the organization falls on their shoulders; how much on emergency management; what are the alternative options for a given function; and how can the two best work together to create the greatest chance of success? In this timely webinar, we’ll speak to leaders who are focused on doing everything in their power to support clinical and business operations until the applications come back.
Exploring the Science & Art of Application Rationalization … In that Order
Application rationalization is one of those thorny projects — absolutely necessary and extremely challenging. It’s absolutely necessary because millions of dollars are potentially being wasted on applications that are little used, if at all, while their mere existence increases the cyber attack surface. And it’s extremely challenging because, even though leveraging data to understand which apps should be retired is relatively straightforward, actually severing those apps from the users who love them adds another layer of complexity. In this timely webinar, we’ll first look at the science of application rationalization to find ripe targets, and then delve into human dynamics that can often stymie these critical initiatives.
Understanding & Mitigating Security Risk Around AI Projects
AI has the potential to address dozens of efficiency challenges that health systems must solve in order to flourish in today’s world of staffing shortages and increased burnout. As such, there is no lack of requests by users to interject it into this or that workflow. In many instances, however, the problem with moving forward is a red light put up by IT due to security concerns. But it doesn’t have to be that way. Whereas in other situations, a pristine state may have been required before moving forward, when it comes to AI and security, there are interim, iterative and incremental steps that can be taken so projects can move forward without jeopardizing the enterprise. In this webinar, we’ll speak to leaders who, instead of saying no, are finding ways to respond with, “Yes, and here’s how.”
Reducing Costs & Improving Service by Implementing Use-Case Specific Automation
Whereas AI has some excessive enthusiasm around it (especially in the clinical realm), automation is a no-brainer. Well, not exactly. That’s because — though automation may work magic when done on the right workflow, at the right time, and in the right way — getting all three right (without understanding some nuances) is a long shot. In this practical and timely webinar, we’ll speak to leaders about those nuances to give others the best chance of success. With staffing shortages (due to burnout and other issues) on the rise and patient satisfaction all-important, this is one webinar you can’t afford to miss.
Cedars-Sinai CIO Craig Kwiatkowski Talks Overhauling ERP, AI Governance & Immersive Learning
With organizations heavily focused on EHR rollouts and optimizations, the “critically important” administrative systems took a back seat, said Craig Kwiatkowski. In this interview, he talks about the “major overhaul” Cedar-Sinai has undergone to centralize services, the keys to success with its Accelerator program, and his interesting career background.
Reexamining Third-Party Risk Management Around Critical Service Providers
Recent industry-shaking events have made it clear that serious points of risk lurk throughout healthcare. They’ve also revealed that operational risk and IT security risk are deeply intertwined, making it incumbent for CISOs and CIOs to work with others in their health systems – from the chief risk officers, to clinical leaders, to emergency management – to help develop a joint picture of third-party risk that analyzes the implications of losing services not only from a cyber outage, but for any reason. In this timely webinar, we’ll speak to leaders who are committed to going back and reviewing key third-party service providers through the lens of recent learnings so appropriate levels of total risk can be assigned, and plan Bs can be developed.
Harnessing the Potential of True Enterprise Imaging
Enterprise imaging is similar in scope to the EHR, and it allows clinical users to properly identify, acquire, store, manage and visualize imaging studies from across their enterprise, regardless of device, modality, department, service line or location. Historically, each imaging department made its own decisions and purchases regarding these services, often resulting in siloes with significant storage and software duplication, inefficient routing, perilous database synchronization and user frustration (or worse, apathy). With major potential upside when done right, health systems can adopt a true enterprise imaging strategy, led by executive IT members with proportional governance oversight and clinical buy-in from leaders in key domains, such as Radiology, Cardiology, Endoscopy, PoCUS and more. Join us as we speak to leaders and have them share their experiences and opinions on how a true enterprise imaging strategy can be executed.
Exploring the ePHI Cyber Crisis & How to Fix It
It’s the dirty little secret among healthcare cyber professionals — they don’t know where all their ePHI is; not even close. And while those professionals are not to blame (healthcare workflows and, thus, data flows are messy business); they do have to get their arms around the problem. The first step? Understand it. In this unique webinar, we’ll explore the results of a Ponemon study on the state of ePHI in healthcare to learn just how bad the problem is and where the data might be. Then, we’ll explore ways to secure it and, in the process, hopefully give cyber professionals one less reason to be up at night.
Designing Cyber Recovery Strategies for Today’s Data-Heavy Enterprise
Savvy healthcare IT security professionals are as focused on an efficient recovery if something goes down as they are on keeping the enterprise up. And to be positioned for success around recovery, it’s imperative business continuity plans are right sized to address the large amounts of data that health systems are amassing every day. In this timely webinar, we’ll speak to leaders who know that — with such growth — the data-protection approach of yesterday may not work for today, let alone tomorrow. We’ll explore the policies, procedures, governance and technologies they are putting in place so that if things go down, they can be back up and running as soon as possible.