Inside CHIME: As Cyber Threats Grow, Industry Must Pull Together

Inside CHIME - header

Weinstock 70x70 3.17.16 by Matthew Weinstock
Director of Communications and Public Relations, CHIME

CHIME leaders are spreading the word about the immense cybersecurity challenges facing healthcare and the need for all segments of the industry to develop strategies for protecting patient information.

Healthcare is ground zero for cyberattacks. As CHIME members know all too well, the threats are getting more sophisticated and more frequent.

“Your system is under attack right now,” CHIME President and CEO Russell Branzell warned during a session at this week’s American College of Healthcare Executives 2016 Congress. “Think about all of the different people who have access to your network and the different ways that they can get in.”

Branzell put the issue into context for ACHE attendees, most of whom are not intimately involved with health IT. Financial identification generally fetches $1-$3 on the black market, he said, whereas a medical ID is worth $7-$10. A serious breach, he said, could be a bankruptcy event for a hospital or health system that doesn’t have the right risk mitigation policy in place.

From mobile devices to insurance, executives and boards must take a more active role in spelling out a hospital’s policies procedures. There needs to be a board-level risk management strategy to address cybersecurity, Branzell said. By the same token, it is incumbent on CIOs and CISOs to proactively engage leadership on the seriousness of the issue.

It is also important that the industry ramp up efforts to share information and best practices, rather than trying to reinvent the wheel. To that end, the Department of Health and Human Services yesterday named members to a task force mandated by the Cybersecurity Information Sharing Act of 2015. CHIME board members David Finn, health information technology officer at Symantec Corp., and Theresa Meadows, R.N., vice president and CIO at Cook Children’s Health Care System were appointed to the 21-member panel. Over the course of the year, the task force analyze how other industries are addressing cybersecurity. The task force is also charged with assessing barriers that healthcare organizations face in protecting against cyberattacks and developing a plan for sharing information across the industry and with the government. A report is due to Congress in the next year.

“The cyber threat landscape has never been more dangerous, but that doesn’t mean we stop sharing information,” Finn said. “It means we have to find better, more secure ways of doing that. That’s my hope, not only as someone involved in the industry for almost 30 years and as a security professional, but as a patient.”

It’s clear, Finn added, that “government can’t solve this along, nor can the private sector. It is absolutely critical to have collaboration in addressing cybersecurity across all sectors. Data breaches, ransomware, hacks and other threats negatively impact everyone and everyone must come together to solve those problems.”

More Inside CHIME Volume 1, No. 13: