Ensuring security amid healthcare's digital transformation

Health systems have been increasingly adopting digital systems and tools in the past decade, and the pandemic has greatly expedited this trend. However, health systems aren't always prepared to address the cybersecurity risks these technologies can pose.

During a March 30 webinar hosted by Becker's Hospital Review and sponsored by Fortinet, Troy Ament, Fortinet's chief information security officer, moderated a discussion with three health system IT executives on how to securely implement digital systems and tools.

Mr. Ament spoke with:

• Deb Muro. CIO at El Camino Health
  
  
• Christopher Frenz, PhD. Chief Information Security Officer and Assistant Vice President of IT Security at Mount Sinai South Nassau
  
  
• Benjamin Smith. VIce President and Chief Information Security Officer at Nuvance Health

They discussed five key strategies for secure healthcare technology implementation:

1. Promote cybersecurity awareness among employees. Employees need training so they are aware of what phishing and cyber attacks look like, as well as what to do if they face those threats. Ms. Muro said El Camino Health rewards employees who identify cybersecurity risks.
   
   
2. Understand how your health system's technologies interact. The better a health system understands how its systems actually work, the easier it will be to integrate new technologies securely. Dr. Frenz recommends health systems perform a  complete asset inventory, mapping out how different technologies talk to each other.
   
   
3. Define risk parameters so you can determine how to protect your data. Health systems should identify which datasets they have and how they're accessed, where data is stored, how much data is sent to analytics vendors and who their most important users are, according to Mr. Smith.
   
   
4. Simulate threats. At Mount Sinai, Dr. Frenz' team simulated a harmless ransomware threat to see how the "virus" moved through the organization and how well their controls work.
   
   
5. Ensure visibility. Once a health system figures out which employees are working remotely, which systems and data they need to access and where they will be accessing it from, it needs to figure out how it can monitor this use. Secure web gateways are a great way to ensure visibility on where employees are accessing systems and information, according to Mr. Smith.

To learn more about Fortinet, click here.