Cybersecurity and Healthcare: It's Not Just About Protecting the Data

By Daniel Nigrin, MD, SVP & CIO, Boston Children’s Hospital

Healthcare CIOs have hopefully all now heard and heeded the warnings regarding enhancing their organization’s cybersecurity posture, both in terms of technological sophistication and of staffing and staff awareness. Clearly this new threat has grown exponentially over the course of the last several years, and it seems likely that it will continue to escalate further. The financial and reputational costs of a breach are very large and often last for years, as witnessed by recent multi-million dollar fines levied against organizations several years after the initial incident occurred.

Yet I remain concerned that our focus has been too narrow, with the safeguarding of our patients’ data as the primary issue. Of course, we obviously must ensure that this data remains well-protected and out of the hands of the “bad guys.” We have certainly heard about the value of health records on the open market and how it remains enormously profitable for hackers to go after this information. And as mentioned above, there’s obviously the very real concern of very large financial penalties imposed on organizations for HIPAA violations, and all the other financial losses that go along with a breach.

But there’s an important lesson that I learned back in 2014 when the hacktivist group Anonymous attacked us at Boston Children’s Hospital, and that I have seen play out more recently at hospitals around the country that likewise have been subject to ransomware and other cyberattacks. And that’s that these cyberattacks have the ability to cause major disruptions in the actual provision of care to patients, and to the general operations of a healthcare organization.

During our Anonymous attack experience, we withstood a number of different disruptions, each of which caused different operational challenges for us.

First, we experienced a massive distributed denial of service (DDoS) attack on our network, which briefly caused an interruption in both inbound and outbound Internet access. During that interruption, any clinical function that depended on Internet access was rendered unavailable. As an example, even though our EHR remained functional, the ability for providers to electronically send prescriptions to pharmacies was temporarily impacted, and manual workarounds had to be implemented. Had the outage lasted longer, other more fundamental operational tasks would have required workarounds as well—for example, the ordering of medical supplies to maintain sufficient par levels throughout the enterprise, or even sending employee payroll information to banks.

We also experienced direct attacks on exposed firewall ports and services, requiring us to shut down patient and provider portals, research projects and philanthropy sites, all as a means of protecting ourselves from these attacks. All of these actions, while necessary to ensure the security of our network, had significant disruptive effects on our communication with our patients and referring providers, research collaborators around the world, and potential donors to our organization.

Finally, we experienced a massive influx of malware-laden, spear-phishing emails, designed to provide a means for the attackers to get access to the portion of our network behind the firewall, and in turn to sensitive applications and data. We needed to ensure all malicious email was quarantined appropriately, and an alert was sent out to staff about the absolute importance of not clicking links or opening attachments unless absolutely sure that they were safe. To this end, we took a proactive step, and temporarily shut down our entire email system. As with the shutdown of our external web sites, this was an extremely disruptive action, though one which we felt necessary. Communication in a large organization is severely impacted without email, and though we all sometimes wish for an “email holiday,” many critical operational functions rely on email as their mechanism for communication. It was only because we had fortuitously recently implemented a secure internal texting platform (for HIPAA compliance) that we had an alternative means of electronically communicating critical information to our staff during this email downtime period.

These examples serve to highlight that strong defenses as well as operational contingency plans need to be put in place to safeguard our organizations and our ability to ensure clinical operations. Although protection of data is clearly a high priority, I submit that ensuring that we are able to effectively and safely provide care for patients is priority number one.

Copyright © 2019 Medical Tech Outlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy.