Webinar Re-Cap: Hidden in plain sight: Unseen security threats may cost your organization

As the frequency and cost of cyberattacks on healthcare organizations continue to grow, hospital and health system leaders are making improved data security a top priority.

During the Becker’s Hospital Review webinar, “Hidden in plain sight: Unseen security threats may cost your organization,” sponsored by MediQuant, four data security experts discussed strategies that organizations can use to better protect their data while identifying cost-saving opportunities.Panelists included:

• Dr. Kel Pults, Chief Clinical Officer, VP of Government Strategy, MediQuant
• Michael Archuleta, Chief Information Officer, HIPAA & information Security Officer, Mt. San Rafael Hospital (Trinidad, Colo.)
• Ray Lowe, senior vice president, Chief Information Officer, AltaMed Health Services (Los Angeles)
• Yoemy Waller, Chief Information Officer, Lake Health District Hospital (Lakeview, Ore.)

During the webinar, panelists shared these three key insights:

1. Spotting high-risk systems and reinforcing IT infrastructure are keys to thwarting cyberthreats.

Frequent, increasingly sophisticated cyberattacks are exposing healthcare organizations to data breaches and also to care interruptions, compliance issues and financial penalties.

High-risk systems include those that use parameter-based security protocols, such as VPNs, firewalls and encryptions. Lake Health is replacing those protocols with zero-trust network authorization architecture, Ms. Waller said.

Hackable medical devices, such as pacemakers and oximeters, are another type of high-risk system that Lake Health is reinforcing by creating a secure pipeline underneath them.

2. Organizations need to adopt advanced measures for handling cyberattacks.

One of those measures, which AltaMed has implemented, is using AI-powered software that informs users about the severity of an attack in real time. “It’s given us really good visibility, so we are able to isolate and handle attacks in a much nimbler way,” Mr. Lowe said.

Other measures include multi-factor authentication and role-based security protocols that specify who should be able to access which data (also known as privileged access management).

3. Decommissioning obsolete data infrastructure is an essential strategic step in strengthening data security.

Legacy applications and hardware are especially vulnerable to data breaches. Decommissioning them as better products become available can drastically reduce the likelihood of a cyberattack.

“When you consolidate all of your legacy systems into one archive, you’re shutting down a lot of access points for somebody on the outside to get in. By reducing the footprint, you’re reducing the security risk,” Dr. Pults said. She explained that decommissioning programs also signals an organization’s shift from managing individual project risk to adopting a more holistic governance plan.

Mr. Lowe highlighted the need for proactive leadership in carrying out decommissioning initiatives: “IT leaders need to help business colleagues understand how [modern or updated] applications can save the organization money and what is the cost of a breach.”