[BreachExchange] Top 3 issues CISOs face today

Destry Winant destry at riskbasedsecurity.com
Thu Sep 27 22:10:22 EDT 2018


https://www.beckershospitalreview.com/hospital-management-administration/top-3-issues-cisos-face-today.html

As digital healthcare continues to evolve, the ways health systems
store patient records and data have changed. Innovations in
technology, such as cloud-based storage systems and mobile patient
access, have changed the perimeters of data security, making
healthcare one of the industries most vulnerable to cybersecurity
attacks.

These were some of the top issues for CISOs that panelists discussed
at the Becker's Hospital Review 4th Annual Health IT + Revenue Cycle
Conference in Chicago, Sept. 19-22.

Here are the three key issues leaders face:

1. Looking at healthcare as an IT industry. The amount of data health
systems maintain is continually increasing. Patrick Angel, interim
CISO and global security architect at Cleveland Clinic Foundation,
said there is an urgent need for health systems to recognize their
responsibility when it comes to data protection.

"One of the huge paradigms healthcare needs to really move past is
that we're not just a healthcare organization. We're not just here to
treat people's physical ailments and treat their bodies and so on. The
fact of the matter is that healthcare is now a true information
technology industry … All of the data out there says you're an IT
shop. Guess what, the bad guys [hackers], they know you're an IT shop.
They've been hitting you with ransomware, scamware, phishing
[attacks]. They're profiling executives on LinkedIn, they're prowling
through Facebook, they know all this. It's obvious. Healthcare just
needs to put their arms around it and embrace it."

2. Accepting you will be hacked. It may be uncomfortable, but
accepting that your health system will most likely fall victim to a
cybersecurity attack shifts the focus to how to move forward. Gus
Malezis, CEO at
Imprivata, stressed the importance of restoration of services after an
attack, and how this component is often overlooked.

"Restoration of services has been less attended to … It's been all
about, 'Well let me stop them [hackers], so they don’t affect the rest
of my network.' Well, what if you can't stop them? What if they're
everywhere? And you then find that out two days later. How do we
restore service so that we can enable our clinicians to deliver the
care and life critical service that they deliver?"

3. Shifting to interoperable identities. Point-to-point identities can
create gaps, or opportunities, for hackers to break into a network.
Hector Rodriguez, worldwide health CISO at Microsoft, explained the
benefits of adopting interoperable identities to establish more secure
networks.

"We, as healthcare consumers, don't want a hospital or a health plan
to give us another identity … you end up with a different identity for
every hospital. I have a MyChart identity with my provider. I have a
health plan identity with my provider. I have a Microsoft identity. We
don’t want that. We don't want to have multiple identities. But,
that's what we have to do today. What we want is one interoperable
identity that is then managed with different identity policies when
we're in these different roles that we have throughout the day."

