Issue link: https://beckershealthcare.uberflip.com/i/534828
Health IT

Andy Nieto, health IT strategist for DataMotion, a provider of secure data delivery solutions, agrees that data security should be something healthcare leaders discuss externally. However, he adds the caveat that strong security can be both an enticement and deterrent to hackers.

"Security is an active reality in that it combines the elements of a show of force, a show of strength and a show of power as well as not disclosing details about what that power is," Mr. Nieto says, illustrating his point with the example of Air Force One. "They describe it as being the most advanced aircraft with self defense measures ever made, but they never talk about what those self defense measures are."

In healthcare, Mr. Nieto says, hospitals should communicate that they are actively addressing security through programs, measures and solutions, with "active" being the key word, as it indicates a continuing evolution and a state of constant monitoring. Security is a constant concern. There is no end goal, and healthcare organizations should communicate this message with the public, he says.

Finding strength in numbers

Discussing cybersecurity can do more than just reassure patients that their privacy is a key priority and potentially deter hackers from trying to infiltrate a system. Talking about security threats with other industry members can actually help bolster an organization's defense.

Rick Kam, president and cofounder of ID Experts, a provider of data breach, incident response and resolution software and services, offers the example of the financial industry, which in the face of a string of attacks developed a coalition to share threat information. The financial services industry has long been the target of criminal attacks, "because that's where the money was," Mr. Kam says.
To mitigate threat risks and be proactive about security, the financial services industry started working with the Financial Services Roundtable, an advocacy organization for this sector, to freely share threat knowledge and information. FSR members include approximately 100 of the largest financial institutions, including banks such as Bank of America and Fifth Third Bank, credit card companies such as Visa and Discover, and payers including State Farm and The Hartford.

"That particular industry…made security a noncompetitive issue so they could share information freely about threats, attack vectors and all the things that are important to understand so you can defend yourself better," Mr. Kam says.

The healthcare industry is slowly moving in this direction. The House of Representatives recently passed two cybersecurity information sharing bills — the Protecting Cyber Networks and National Cybersecurity Protection Advancement acts — that provide legal protections for private companies to share cyber threat information and indicators with one another, as well as to the federal government.

Cyberattacks are a relatively recent threat to healthcare, Mr. Kam says, largely because cyber criminals previously did not perceive medical information to be as valuable as other types of information. That, however, has changed. Don Jackson, director of threat intelligence at PhishLabs, told Reuters that stolen health credentials are sold for 10 to 20 times higher prices than stolen credit card information, as hackers can use health data and insurance information to commit medical identity theft and medical fraud.

Given healthcare's recent entry into the threat radar, Mr. Kam says it is understandable that the industry hasn't yet made progress in this type of noncompetitive collaboration like the financial industry has. But, he says, the time has come to do so. "We weren't under attack, but we are now," Mr. Kam says.
He advises organizations to "band together, collaborate, implement best practices, share information around security as well as threat and attack vectors coming in against health systems."

The medium is the message

While the content hospitals and health systems communicate to the public is important, so is who says it. The words of certain individuals speaking on security programs carry greater weight than others.

"If you ask the CMO of a hospital, 'What do you think of our security?' and he says, 'We have a great security program here, our patients' information is absolutely protected,' that's much different than a CISO who's directly responsible for [security] and has intimate knowledge of the program saying the same thing," Mr. McMillan says. "The CMO is basically stating his opinion. He really doesn't know how good the program is."

The CISO or any other IT leader, on the other hand, is speaking from a position of inside knowledge, and such individuals should take extra care in the claims they make, according to Mr. McMillan.

"There's nothing more fun than to embarrass the CEO after he said he's perfect or a CISO who's bragged on his security or the job they're doing," Mr. McMillan says. "Let somebody else do the bragging for you."

Partners HealthCare Launches Epic EHR for $1.2B

By Emily Rappleye

In early June, Boston-based Partners HealthCare launched what is its biggest single investment to date — a $1.2 billion information technology system, according to The Boston Globe.

The EHR, developed by Epic Systems, took three years to build and costs double its initial price tag of $600 million, according to the report. The new EHR will streamline disparate software programs across Partners' 10-hospital, 6,000-physician network. Partners aims to have one record per patient across its entire network so physicians, nurses and other clinical staff can access up-to-date information easily.
Partners hired 600 employees and consultants to build and implement the system and onboard staff. Partners first launched at the Brigham, Partners' Faulkner Hospital campus, Dana-Farber Cancer Institute and in its home care division. Partners will continue to implement the technology throughout its network over the next two years, according to the report.