Inside CHIME: As Cyber Risks Grow, Diligence is Key

3.2.17 by Lisa Schulte
Vice President, AEHIS, AEHIT & AEHIA Foundations

At cybersecurity forum, CISOs talk about the importance of education, training and aligning organization priorities.

In March 2014, Boston Children’s Hospital was notified about an impending cyberattack by Anonymous. The alert from an external cyber intelligence group set several wheels in motion, including convening the hospital’s incident response team to handle contingency plans, with particular focus on potentially having to go dark and cutting the hospital off from the rest of the internet if necessary.

Daniel Nigrin, M.D., senior vice president and CIO at Boston Children’s, shared his experiences managing the potential attack at last week’s cybersecurity forum jointly organized by HIMSS, CHIME and AEHIS. Nigrin detailed some valuable lessons:

  • Countermeasures are critical
  • Know which systems depend on internet access and have contingency plans in place
  • Recognize how important email is to the organization
  • Create alternate methods of communication
  • Push through security measures with no excuses, secure teleconferences, and make sure you know which
    threats are real and which are just noise.

The forum, held at the beginning of HIMSS17, was aimed at sharing critical ideas for improving cybersecurity. Karl West, CISO and assistant vice president of information systems at Intermountain Healthcare, stressed that the demand for access to data at any time and from any place has “increased productivity, but, at the same time, has elevated risk.” According to West, the biggest threat comes from employees, contractors and customers. The best defense, he said, is education.

Ronald Mehring, vice president of technology and security at Texas Health Resources, said it is important for organizations to develop an assessment program aligned with the business risk profile and leadership expectations. Penetration testing, an assessment approach where security controls are purposely evaded in order to detect vulnerabilities, is one tool that CISOs can utilize.

Reinforcing Mehring’s point, Mitchell Parker, executive director, information security and compliance, Indiana University Health, said that it is critical to talk with the board of directors and senior management about prioritizing cybersecurity and allocating sufficient resources.

More Inside CHIME Volume 2, No. 5: