Healthcare
leaders
are
finally
starting
to
take
cybersecurity
off
the
back
burner,
with
most
provider
and
payer
organizations
ramping
up
their
spending
in
this
area
in
the
midst
of
proliferating
cyberattacks.
During
a
panel
discussion
held
Wednesday
at
MedCity
News’
INVEST
Digital
Health
conference
in
Dallas,
healthcare
leaders
shared
their
insight
on
what
needs
to
change
in
order
to
improve
the
industry’s
defense
posture
and
resilience
to
increasing
threats.
There
needs
to
be
an
organization-wide
culture
of
awareness
When
it
comes
to
cybersecurity,
a
company
is
often
only
as
strong
as
its
weakest
link,
pointed
out
Andrew
Molosky,
CEO
of
Tampa-based
Chapters
Health
System
as
well
as
its
subsidiary
CareNu,
which
focuses
on
value-based
care
in
the
Medicare
Advantage
space.
One
employee
opening
a
phishing
email
could
be
all
it
takes
for
a
cybersecurity
disaster
to
strike,
so
healthcare
organizations
must
build
a
culture
of
cybersecurity
awareness
among
all
employees,
he
said.
“We
have
clinical
protocols,
financial
protocols
and
technological
protocols
for
all
our
environments.
If
you
have
the
notion
that
for
some
reason
cybersecurity
is
a
task,
or
that
it’s
just
a
department,
or
that
it’s
somebody
else’s
problem
—
you’re
already
off
to
a
bad
start,”
Molosky
declared.
“When
everybody
wearing
a
name
badge
for
the
organization
in
any
capacity
recognizes
this
as
being
just
as
critical
as
the
procedures
or
as
the
pharmaceuticals
or
as
any
other
component
of
the
medical
delivery,
then
all
of
a
sudden
you
have
an
actual
cultural
awareness.”
In
order
to
improve
their
defense
posture,
healthcare
organizations
need
to
make
sure
that
all
employees
have
at
least
basic
cybersecurity
training,
he
noted.
In
his
view,
cybersecurity
can’t
be
viewed
as
a
specialized
practice
—
it
must
be
a
core
consideration
in
the
organization’s
daily
operations.
New
tech
must
be
built
with
a
high
regard
for
cybersecurity
Healthcare
organizations
are
adopting
new
technologies
at
a
rapid
rate
—
a
report
released
this
week
by
Bain
&
Company
and
KLAS
Research
showed
that
three-quarters
of
the
nation’s
providers
and
payers
say
they
have
increased
their
tech
and
IT
spending
over
the
past
year.
With
all
this
new
technology
also
comes
additional
risks,
noted
John
Mowery,
chief
information
security
officer
at
Houston
Methodist.
“We
can’t
manage
the
deluge
of
the
innovation
that’s
coming
in,
nor
the
immaturity
of
the
security
of
those
[tools].
That’s
a
tidal
wave
that
we
can’t
manage,”
he
declared.
As
new
solutions
continue
to
enter
the
market,
the
industry
needs
to
come
together
to
ensure
these
tools
are
being
built
with
a
security-first
mindset,
Mowery
said.
He
also
noted
that
it’s
important
for
hospital
leaders
to
stay
engaged
with
their
innovation
ecosystem
and
try
to
be
aware
of
all
new
technologies
that
are
being
deployed
within
the
organization.
Oftentimes,
a
new
tool
will
be
introduced
in
a
physician
network
or
specialty
group,
and
then
the
hospital’s
cybersecurity
leaders
won’t
find
out
about
it
until
it’s
nearly
installed,
he
said.
“That
creates
challenges
and
risk
for
the
organization,
but
also
it
increases
the
burden
on
us,
because
we
now
have
to
go
figure
out
how
to
remediate
all
of
that
risk,”
Mowery
explained.
Maybe
healthcare
needs
some
more
cybersecurity
leaders
from
outside
the
industry
Healthcare
organizations
looking
to
build
out
their
cybersecurity
programs
should
look
for
leaders
with
a
diversity
of
experience,
recommended
Ben
Schwering,
chief
information
security
officer
at
Premier.
“A
lot
of
times
when
I
talk
to
healthcare
organizations,
or
I
see
job
postings
for
security
leaders
or
engineers,
I’ll
always
see
‘must
have
10+
years
in
healthcare’
or
‘must
have
25
years
in
healthcare.’
I
don’t
agree
with
that.
I’d
much
rather
see
someone
with
some
diverse
experience
come
in
because
they
will
look
at
things
in
a
new
way,”
he
explained.
Leaders
who
come
from
outside
the
healthcare
world
will
often
flag
things
that
might
go
unnoticed
by
people
who
have
been
hyper-focused
on
healthcare
for
their
entire
careers,
Schwering
noted.
Photo:
Nick
Fanion,
Breaking
Media