
Achieving Information Security in Healthcare


Dan Costantino, CISO, Penn Medicine
Owing to growing concerns about patient data security, it’s indispensable for healthcare experts to reassess their information security programs on a continual basis as they mature. It is critical to scrutinize whether you have implemented fundamental security controls and practices, such as patching, apart from identification and security awareness. Consistently networking with CISOs in the industry is one of the best practices to ensure that you are going in the right direction and performing the essentials that you ought to be performing. It’s also imperative to frequently have an expert assist you in understanding whether you are allocating your resources in the right places, investing in the right assets, and focusing on the right risks and threats. Often, it takes an external firm that can give you input on better resource utilization on a yearly basis to help advance your program.
Evolution of the Role of CISO
Lately, the role of a CISO has changed significantly. Once viewed as simply the leader of IT security systems, the CISO is now a critical stakeholder in the business. This is because of the increase in data breach threats and a more profound understanding of data security at a broader level, which was earlier restricted to technical systems and IT systems. Likewise, CISOs are required to have a significant comprehension of the business and its mission while also possessing solid technical acumen.
Key Challenges of a CISO in the Healthcare Industry
In the healthcare industry, CISOs are facing a lot of unique challenges today. The most significant challenge is the need to design a secure environment while not compromising patient care in any way. It’s really important for CISOs and information security teams to be cognizant of all that the clinical personnel and researchers are doing every day. They also need to understand that our patients come to us because of all the innovative work and miracles that these clinicians and researchers are performing. It’s our responsibility to support that mission while maintaining the safety of our patients’ data. That’s very challenging and unique in the healthcare information security arena.
The healthcare information security landscape is witnessing major technological developments. One of the primary developments is the never-ending list of storage repositories and a record of where data is transmitted to, including IoT, cloud, mobile, and medical devices. The challenge is that we live in an environment where there is no longer a well-defined perimeter to protect. Hence, there exists the challenge of protecting data that is leaving the internal environment on a more frequent basis. Today, information systems are inherently designed for information sharing and availability, which introduces an added challenge to securing them.
Application of Behavioral Analytics on Insider Threats within Organizations
The industry, in general, is facing a major challenge due to insider threats. Often, these threats are not really malevolent moves made by employees; it isn’t a workforce with malicious intentions. Typically, an insider threat is the result of unwitting actions by an employee, because cyber security is not their primary expertise or role in the organization. One of the challenges is that when employees work in an environment for a long period of time, they develop a strong sense of ownership of the data. When it’s time for those employees to leave, it’s not unusual for them to feel like they own the data they created. Yet the ownership lies with the organization and needs to remain within the organizational context. Today’s behavioral analytics platforms, and their application, are truly placing the emphasis on the insider threat. It’s necessary to understand the key pointers or behaviors that the workflow is demonstrating. A string of key behaviors combined with each other can most likely give us some proactive insights into a harmful event that could take place later on, whereas currently we are reacting after the incident has already taken place.
Advice to an Aspiring CISO
It’s an absolute must to build a team that has the capability of performing not only the everyday security tasks, but also becoming ingrained in the strategy and the development of the overall program.
Something the security industry is good at, but still has room to improve on, is information sharing: sharing information with all security personnel, not just about what we are doing well, but also about some of the adverse situations that we are seeing within the industry. Information sharing truly comes from various distinctive sources. One of them is networking; another source is NH-ISAC. The information sharing happens throughout the industry, not simply with security pioneers, but also with security engineers, analysts, and regular professionals.
The objective should be to build a world-class security program and create next-generation security levels in your program. A CISO need not contemplate implementing cutting-edge security from the very beginning. It is really essential to start from the fundamentals.
