

Un-complicating Healthcare IT

From HIMSS17: Cybersecurity and Engaging Healthcare Leadership

Mar 13, 2017 7:35:00 AM Posted by Jim Tufts | Leadership Solutions Team Lead

Before the week of HIMSS17 sessions began, I attended the Cybersecurity Symposium. Here are a few of my main takeaways from this symposium:

  • A term that was used often throughout the day was "cyber hygiene." Think of it in the same way you'd think of personal hygiene. It's the habitual things you do each and every day to keep your devices clean and the protections you utilize to prevent viruses and malware.
  • Phishing attacks increased 250% in the first quarter of 2016 and they continue to be the #1 mechanism for delivery of malware. 
  • Data ownership and data stewardship are similar concepts, but they differ when you approach them from a security perspective. Data governance will be a key focus going forward.
  • In some recent cyber attacks, the attackers gathered some of their social engineering information by listening in on unsecured teleconferences and WebEx sessions. The recommendation is to password-protect these sessions and to give attendees the password via a separate mechanism (text it separately from the email invite, for example).

Executive and Board Involvement

In another session, “Engaging Executives and Boards in Cybersecurity,” the speaker discussed Executive and Board involvement in cybersecurity and the challenge that can be. Here are three things that often hamper the discussion:

  1. Complexity of cybersecurity – the complexity and language of security are difficult to understand, and there is a feeling that it’s the responsibility of IT
  2. Lack of effective messaging – limited communications that deliver an understanding of what the threats are and the risks involved
  3. Breach impact unawareness – costs and ramifications of a breach on the organization aren’t fully understood

Cybersecurity Messaging Framework

In order to explain cybersecurity concerns to the healthcare Executives and Board, here is a Messaging Framework to use:

  1. Who might attack?  – Relay the likely scenarios
  2. What are they after, and what are the risks we need to mitigate? – What information is at risk and what is needed to protect it
  3. What tactics might they use? – So we know what to educate our workforce on and what protections are needed that we don’t have
  4. What is needed to strengthen our information security program to reduce the risks to an acceptable level? – What is our current capability and what needs to be done?

The ICE security team recently put together this Security tip sheet if you’re interested in learning 6 practical steps towards protecting your organization appropriately from healthcare cyber attacks.



Jim Tufts | Leadership Solutions Team Lead

Jim, along with the Leadership Solutions team, leads and guides healthcare providers in user education, consulting, process improvement, disaster recovery planning, strategic IT planning and more. Jim is the author of the whitepaper “Guide to the HIPAA Security Rule” and is often found in healthcare association meetings, national conferences, or in a healthcare board room educating on protecting electronic patient health information.