At Boston CHIME LEAD Forum, the Cybersecurity Message is Loud and Clear: Good Defense is the Best Offense

Rajiv Leventhal | Healthcare Informatics | June 22, 2016

At the Boston CHIME LEAD forum, held on Wednesday, June 22 at the Aloft Boston Seaport Hotel, and cosponsored by the Ann Arbor, Mich.-based College of Healthcare Information Management Executives (CHIME) and the Institute for Health Technology Transformation (iHT2—a sister organization to Healthcare Informatics under the Vendome Group, LLC corporate umbrella), expert health IT security panelists discussed the key components of an effective healthcare cybersecurity strategy. Throughout the day, program attendees listened to multiple engaging sessions about a myriad of cybersecurity issues, from essential factors on how patient care organizations can be better prepared, to strategies for defense, response, and recovery.

A plethora of IT security leaders—many from the healthcare space, but some with years of experience in other sectors—hammered home several core points, including: 1) the healthcare industry has now clearly become an intentional target for hackers; 2) traditional defense strategies such as firewalls and defending the perimeter are outdated and inefficient; 3) some sort of human-related issue contributes to the overwhelming majority of attacks; and 4) establishing a culture in which end users are educated and trained, and IT security is a proactive priority rather than a reactive one, is a must.

So where does the industry stand today in terms of its level of preparedness and sophisticated defense strategies? To start, the security experts in Boston pointed out that despite a recent uptick in making cyber defense a priority, it will be a while before healthcare gets to a place that other industries, such as financial services, have gotten to. Indeed, multiple panelists throughout the day attested that they were either on a solo mission at his/her organization regarding IT security, or had to start a team upon being hired. Heather Roszkowksi, CISO at University of Vermont Medical Center, for instance, said the organization's security department was essentially non-existent before she arrived four years ago...