Hospital and health system experts discussed cybersecurity at Becker’s 4th Annual Health IT + Revenue Cycle Conference, Sept. 20 in Chicago. McGuireWoods Senior Counsel Nathan Kottkamp moderated a panel comprising:
- Gregory Bryant, Tyler-based Texas Spine and Joint Hospital’s IT director
- Cynthia Wisner, Livonia, Mich.-based Trinity Health’s associate counsel
- Gus Malezis, Lexington, Mass.-based Imprivata’s CEO
- Michael J. Reagin, Norfolk, Va.-based Sentara Healthcare’s corporate vice president and CIO
Overseeing cybersecurity at a hospital or health system is no simple task. Human error is the leading cause of cybercrime, with the potential to expose entire organizations and patient data through a minute action like opening an email.
“It’s a real challenge,” Mr. Reaginsaid. “Years ago, I used to think about all those technical things I needed to get in place and make sure the perimeter and everything was secure. That’s all gone away now. Everyone has their blocking and tackling in place. Now it’s just managing the complexity of our data and our partners and where that data is going.”
For Mr. Malezis and Imprivata, an IT security company, the cyberattack conversation has rapidly shifted from “what-if” to “when.”
“I no longer lose sleep knowing there’s going to be an event,” Mr. Malezis said. “It’s just a fact of life. You have to live with it. What I lose sleep over is [whether] we have the process implemented across the organization with enough staff to really respond to it.”
Mr. Bryant reiterated the importance of having a plan and sufficient resources.
“I have a policy and procedure in place,” Mr. Bryant said. “It’s on the books. All the managers have it, the C-Suite. These are the steps we follow. … We have a plan, we’ve practiced it. Being a small facility, we don’t have that kind of talent on staff, so we have to have the procedures in place. We have to be well-drilled, cross-trained and ready to go.”
Ms. Wisner offered a perspective from the other side of the size spectrum. As a leader at Trinity Health, she talked about resource allocation and how Trinity prepares for attacks.
“By identifying some of our [cybersecurity] vulnerabilities, we’re able to identify a need for resources,” Ms. Wisner said. “[Executives] ask us what our priority are. Our priority isn’t going to be prevention because we cannot prevent [attacks], so we’ve emphasized a priority on both monitoring and being prepared to respond so we can mitigate the impact of any kind of attack.”
More articles on healthcare:
Meharry Medical College launches data science institute to improve care in minority populations
Ascension, Banner Health among 6 newest hospitals to join Syapse’s precision oncology network
New app from Tempus brings clinical, genomic data to physicians at point of care
