As a first-time attendee of the Global 2019 HIMSS (Health Information and Management Systems Society) conference in Orlando, Florida, I was awestruck by the magnitude of this event. The conference featured over 45,000 participants, 1,300 vendors and five days of interactive learning with our Director of Software Development Mike Zinni. Mike and I signed up for many workshops and interactive talks in key interest areas such as cybersecurity, ransomware, interoperability, and new technologies to help improve patient care and outcomes. In addition, we learned about the history of HIMSS and that it started in 1961 through collaboration with the Georgia Institute of Technology. Given its long history in improving hospital management systems, it is no wonder it continues to grow its membership at a double-digit rate. HIMSS has brought together many healthcare experts for years and had Steve Jobs as the keynote speaker back in 1993. The members are a diverse group of professionals and vendors from international healthcare organizations who assembled to learn best practices and new technologies. Attendees included CIOs, clinicians, system analysts, CNOs, and CEOs. These leaders and emerging leaders are engaged in learning new ways to improve and safeguard healthcare for all through technology and collaboration (HIMSS, 2019).
While attending the workshops and info sessions, Mike and I shared a few thought-provoking takeaways important enough to highlight with both our team members and clients. The first is that medical data is worth a lot of money! For example, on the dark web, a credit card number is worth $1.00 compared to $400.00 for a personal medical record. It is no wonder there has been an influx of, and a massive increase in, cyber-attacks focused on hospitals and healthcare organizations. Second, despite the fall in the value of bitcoin and cryptocurrency, cybercriminals are getting increasingly creative and coming up with new ways to exploit and steal money from healthcare organizations. My third takeaway is the rise in attacks on IoT devices (internal medical devices) and unsecured mobile devices such as cell phones, tablets or monitoring equipment. Imagine that your loved one just received a lifesaving internal insulin pump or pacemaker that was hacked by a cybercriminal whose sole intent is to extort money or cause physical harm and inflict fear.
To overcome these challenges, risk managers and leaders must be more proactive by developing a risk management system to help organize and categorize all risks. This can help identify unknown potential entry points and leaks of information from users, vendors, IT, and EMR systems. Investing in security monitoring technology is another great step to help mitigate your risks and guide the risk management team to minimize potential threats. In our organizations, this includes having a security dashboard sharing ongoing security risks and recommendations/remedies we can share with our team members, clients, vendors, API integrations, websites, and third-party sites linking all data points both onsite and offsite. Lastly, implement a written data breach security process that is shared between leadership and stakeholders. This should include select teams of both internal and external experts along with trusted vendors to perform mock drills, so they are ready to handle an actual cybersecurity incident or data breach in your organization. The process should also spell out the various strategies to overcome this challenge and list team members and vendors in charge of overseeing the cyber threats in addition to estimating the costs associated with remediating them. Having this process in place will help ease your executives’ nerves by giving them a step-by-step implementation plan for responding to a cyber incident, including closing the entry points, assessing damages, best practices for notifying the victims of the attack, and proactive steps you have taken to help solve the problem.
Finally, the HIMSS global conference and membership are of paramount importance to our organization as we are continuing to learn best practices and protect the sensitive data of our caregivers, students, organizations, clients, and subcontractors. At our organization, although we have many of these processes, technologies, tools, and strategies in place, we are committed to new partnerships and techniques to help us stay one step ahead of the cybercriminals. In this sense, we are always strengthening and increasing the integrity and security of our software and coding practices, thus allowing us to care for the future of healthcare without interruptions.