Jigar Kadakia, chief information security and privacy officer at Boston-based Partners HealthCare, discusses the impact that a breach in cybersecurity can have on the healthcare ecosystem.
Question: What do you see as the next big cybersecurity threat hospitals should look out for and why?
Jigar Kadakia: We need to continue to be vigilant to external threats, and more importantly, the sophisticated threats that exist in the environment. We need to pay special attention to downstream healthcare entities that may not have great protection mechanisms in place but are part of the healthcare ecosystem, which, if impacted, can affect everyone.
Q: How do you train clinicians and front-line staff to protect patient data and avoid cyberattacks?
JK: We have a very robust multi-faceted training and educational program that educates users on their responsibilities for patient data. This program is flexible in order to educate based on specific roles, so the staff receive training that is relevant to their job function.
Q: What tasks require most of your time as CISO?
JK: We have been working on our overall strategy and have been focused on improving the maturity of the program. This includes most recently working on GDPR [general data protection regulation] requirements, continuing to enhance and automate user access review, and monitoring and improving our privacy monitoring among other items, including medical device security. We also have continued our weekly, monthly, and semi-annual training and awareness program as well as educational programs for our community.
Q: What do you consider to be the most important aspect in hospital data protection?
JK: Education, awareness and training. All three components are critical in the data protection space of healthcare. Users come in contact with many different systems — computers, medical devices, portable tablets — to treat patients and they need to have the awareness and education on how to protect patient data.
To learn more about hospital and health system cybersecurity, as well as the key trends for CISOs, register for the Becker's Hospital Review 4th Annual Health IT + Revenue Cycle Conference Sept. 19-22, 2018 in Chicago. Click here to learn more and register.