Don’t overlook cybersecurity training — Why Lake Chelan Community Hospital CIO created his own cyber program

Community hospitals don’t always share the same challenges as large health systems. With limited budgets, community hospital executives must carefully oversee projects and initiatives to determine what is best for the hospital.

Ross Hurd is the CIO of Lake Chelan (Wash.) Community Hospital. As the CIO, he is responsible for the hospital’s information technology services, including technology serving its 24-hour emergency room, surgical center and inpatient services.

To constantly improve patient care, Mr. Hurd looks for partners. Below, Mr. Hurd discusses the most influential partnerships he has formed since becoming CIO and what he views as one of the most important aspects of employee training.

Editor’s note: Responses are lightly edited for clarity and length.

Question: If you had $10 million (no strings attached), what technology or idea would you invest in?

Ross Hurd: We are a critical access hospital, so $10 million would be a career budget for me. If I had $100,000, I would like to do virtual desktop infrastructure. This would allow me to save resources and costs. Plus, it would add the level of security because the virtualization technology hosts a desktop operating system on a centralized server in a data center.

If I had $10 million to spend, I would like to do something similar to what hospital leaders in California are doing. There, they combined rural hospitals at 25 facilities, and they all have a shared access to a controlled hosted network. At Lake Chelan Community Hospital, I have my VM network, which has switches that are used to connect multiple devices on the same network within a building. The network is built for my hospital; however, other hospitals in the area have replicated the network. It would be easier if Washington had a statewide network.

Q: What is one simple device, technology or IT feature that often goes overlooked at hospitals?

RH: Based of the influx in cyberattacks, training staff about cybersecurity is a big task in IT that can go overlooked. I created a program that includes training tests that go out once a month to all staff. We have been testing our staff 40 months. If they fail one of the tests, then they get re-enrolled in cybersecurity training. We are down to 1.6 percent failure. Typically, hospitals aim to be below 3 percent. When we first rolled it out, there were 78 people who failed and now a few months can go by with no failures.

In the training, there are constant reminders about what is going on in terms of hospital cybersecurity and cyberattakcs. Then there is a course about the different risks. This is part of new employees’ on-boarding and a lot of people report positive feedback. When people are re-enrolled to take the courses, they realize they failed the tests because they were going too fast.

Q: What has been the most crucial partnership, collaboration you've made since becoming CIO in 2006?

RH: In 2006, I formed a regional IT super group where we were all independent and had separate systems, but we met and discussed what problems and issues we were struggling through. At every meeting, hospital leaders come to the group with initiatives they have implemented at their hospitals that have received buy-in among staff. Cybersecurity is a big talking point at these huddles. Additionally, there is a larger IT coalition in Washington. We meet once a quarter to discuss our successes and pain points. We’ve invited so many different IT players so we can get direct communication and the insider knowledge.

Additionally, When I took the job in 2006 our hospital system provider, CPSI, had a big user group. It was a larger association of IT experts that served as a clinical advisory group. We talk about strategies and projects that are improving operations at our hospitals. I have bought several items to the table and have taken advice from others. We have done workshops to discuss what the effects were from different IT implementations. There are roughly 800 hospitals that are connected through the advisory group.

More articles on cybersecurity:
70% of health IT execs feel confident in organizations’ data privacy management
Phishing attack on Oregon human services department may have exposed 645,000 people
AMCA files for bankruptcy after massive data breach

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.