How Healthcare IT Security Leaders are thinking about cyber threats

Barbara Dumery
Dec 08, 2015

From breaches to phishing scams, cyber-attacks targeting patient and payer data are getting more sophisticated by the day. To address the most pressing privacy and security challenges in the healthcare industry, HIMSS recently brought together 350 healthcare IT leaders, including CIOs, CISOs, and IT Security Directors, for its Privacy & Security Forum in Boston.

I attended the three-day event to learn of industry developments, network with peers, and discuss the key security issues in our industry. I walked away with three key insights about the challenges and concerns that are keeping CIOs and CISOs up at night.

Key takeaways from the HIMSS Privacy & Security Forum

  1. Phishing threats are real.
    I heard numerous examples of advanced and growing threats to healthcare organizations. Phishing attacks are the #1 threat. Attackers are becoming increasingly savvy and using information from social media to tailor their attacks. Hospitals are working to combat phishing attacks by providing continuous education to their staff, but technology is also key. The speakers talked about how multifactor authentication, especially in combination with single sign-on technology, is critical.
  2. Security of medical devices is top of mind.
    Healthcare IT leaders are primarily concerned about vulnerabilities in the older operating systems that FDA-regulated medical devices run. During the first two days of the conference, Imprivata hosted a lunch discussion on “Securing Medical Device Data with Controlled Access.” The conversation focused on how to ensure the security of patient health information and patient identifiers by providing controlled access to medical devices. Attendees, including CIOs, CISOs, and vendors, expressed the need for authentication to enable audit access to clinical devices.
  3. Elevating security at the Board level.
    Throughout the event, there were a variety of conversations on how to convince the hospital Board and C-Suite to prioritize security. Boards don’t recognize the need to put security at the top of their list of priorities. Security leaders are finding that educating Boards and CEOs, and effectively selling them on the importance of security tools, is the key to building the business case for investing in security.