Privacy & Security
IT security in Healthcare is in the headlines every day. It has always been a top-of-mind issue, as protecting Healthcare is critically important. The need for better security is going to escalate as data sharing, interoperability and IoT continue to become essential to improving the quality of care and reducing costs.
During this webinar, you’ll learn:
How organizations can simplify configuration, patching and governance across networks, multiple operating systems and applications through Ansible’s open technology
How your peers are protecting themselves against the future perils of a connected Health system
Precision Medicine
Network reliability and availability of fiber-based services are acknowledged as key contributors to success at rural healthcare organizations adopting new care delivery models, but these same organizations also acknowledge challenges with funding and clinician buy-in in their efforts to enhance healthcare delivery. During this webinar, Bryan Fiekers, senior director of Research Services for HIMSS Analytics, will share the results of a new research study that explores the impact of connectivity on rural hospitals. In addition, Fiekers will offer actionable insights and prescriptive guidance into how rural healthcare organizations can gain the connectivity needed to help advance key clinical initiatives.
Quality & Safety
As WannaCry and NotPetya have demonstrated, connected medical devices in operation today were not designed with security in mind. In fact, many were not initially designed to be networked and certainly not exposed to the Internet. EMR and other initiatives have accelerated the need to network medical devices at the risk of security exposure. With traditional IT security solutions unable to secure connected medical devices, there are no easy answers to address the risk to the millions of devices currently in operation.
Dr. Maia Hightower, CMIO of Iowa University Health Care, and Dr. May Wang, CTO of ZingBox, will review the approach many organizations are taking to safeguard their network of connected medical devices and the advancements that can be expected in the future.
Join this presentation to learn:
How and why hackers are aiming to disrupt healthcare services
Real-world scenarios and their significant impact on the healthcare organization
Tools and processes healthcare organizations should focus on for the future
Privacy & Security
Patients are now choosing healthcare providers who focus on protecting their information.
Privacy & Security
As healthcare networks become more complex, the number of potential access points will continue to grow. As a result, there are more openings for hackers looking for opportunities to enter your network.
By designating different parts of your network for different functions, such as cloud solutions versus on-premises solutions, you can mitigate the risk and add a stronger layer of protection. In this webinar, Chad Wilson, Director of Information Security, Children's National Health System, will discuss how cloud and network segmentation can be an effective tool in a cyber-security arsenal. He will share the results of monitoring that demonstrate real-world incident reduction, and explain how to maintain a more vigilant posture for networks today and into the future.
Privacy & Security
Your medical devices are critical assets in your facility, and a dedicated asset management solution might seem like a very sound investment. Try building a business case around it and you will realize it is not as simple as that. The problem is that medical device management is not just about asset management: there are several other equally critical dimensions to ensuring hassle-free medical device operations.
Privacy & Security
In this webinar, you’ll learn where the cloud provider’s responsibilities end and yours begin, and how a solution such as Armor can help reduce the burden of the shared responsibility model.
Privacy & Security
Since before 2013, hospitals and other healthcare facilities knew that falls were a serious problem, and massive resources were marshalled to reduce or prevent patient falls. In January 2013, the Agency for Healthcare Research and Quality commissioned a RAND Corporation/Boston University School of Public Health Report titled "Preventing Falls in Hospitals: A Toolkit for Improving Quality of Care."
The toolkit estimated that between 700,000 and 1,000,000 people would fall in a hospital in 2013. What followed was an intense period of staff education and awareness training, monitoring of falls risks, implementation of numerous fall prevention programs, and development of countless resources to focus on fall risk. Thousands of hospitals around the country participated in Hospital Engagement Networks, which focus on 10 patient safety initiatives established by the Centers for Medicare and Medicaid Services.
It appears that some reductions are being accomplished. In a 31-state project coordinated by the American Hospital Association’s Health Research & Educational Trust, participants reported a 6 percent relative risk reduction in falls for 325 participating hospitals.
But some anecdotal information is not so rosy. In fact, in some published results, falls actually increased from 2013 to 2016, and one institution reported a ten-year effort still failing to reach safety benchmarks.
National data of the type readily available prior to the toolkit’s publication are not easy to find. However, for the purposes of this article, one should suppose that the overall focus on fall prevention was a success and that a significant number of falls were prevented.
All very interesting, to be sure. What does this have to do with emails and patient safety?
It is now a documented fact that EHR data irregularities can negatively affect patient care. In one study conducted using the VA health system EHR, 24 of 100 incidents surveyed caused a patient care error due to software design conflicts, inappropriate access credentials, or corrupted files or databases that prevented entry of diagnoses and orders or retrieval of patient information.
In another study, 80,381 EHR event reports were analyzed, and 76 of those reported incidents described a patient safety issue that correlated to EHR unavailability. The majority of the patient safety issues resulted from lab order and result irregularity, with the second most common issue being medication administration and order errors.
The correlation between EHR corruption and email also could not be more clear. One recent example of this occurred at the Washington University School of Medicine in December of 2016, where an employee responding to a typical "phishing" exploit gave outsiders access to more than 80,000 records.
Phishing (and now "spearphishing" or "whaling") is the most easily and commonly exploited vulnerability in systems, with the average time between the target receiving the contaminated email and clicking on the attachment being two seconds, according to statistics cited by the FBI in meetings.
So can we learn anything from the systematic approach to fall risk prevention and apply those lessons to the pandemic of email phishing risk? Here are the top strategies identified in the Toolkit:
Any change in this environment requires support of top organization leadership. You cannot have an organizational ethos of "don’t click on attachments to email" if your human resources department, compliance department, other reporting departments – or you as the CEO or CIO – constantly send out attachments to emails and ask/demand that employees read them.
Top organizational leadership needs to endorse a change in the "convenience culture" of email attachments. One solution may be to create a document center to which employees will be directed to read lengthy documents but provide a summary in the email itself – not an attachment.
The problem fundamentally is not a technology problem: it is a people problem. Because employees are the risk vector and their behavior is seemingly unchangeable, line employees must be engaged in developing a plan to convince themselves not to continue to be caught by phishing attempts.
Empowering employees to report suspect behavior of others, providing a main emergency line to obtain a response for the "inadvertent click", and rewarding employees who respond favorably to training are the kinds of things that employees would typically recommend to fix these problems. However, there may be more novel solutions that resonate in your culture and work environment.
Test strategies to see if they reduce risk. The toolkit acknowledges that "no matter how good your program is, if it is not used by the staff it will not be successful." One key to this is to set standard procedures that apply universally throughout the enterprise, and to allow no variation from those procedures. Another is "creating visual cues or reminders in physical locations, such as logos indicating elements of the plan."
Testing an email compliance strategy must also involve internal phishing attempts to see whether employees are complying – and then publishing the results of compliance and non-compliance. Including the names of senior administration and physicians who do not comply with the guidance will make the effort feel universal.
Also, don’t limit testing to "typical" phishing. Some authors suggest using social engineering to "spear-phish" select employees and then publish the results with suggestions to change your online profile.
Use technology to monitor risk. In addition to an inbound email "sandbox" that automatically checks attachments and links in email, blocks on personal email accounts on workplace computers and devices would be prudent. Most people have smartphones that can access this email, and corporate policies should not permit personal email use for PHI exchange. Systems should also be configured to monitor compliance with email policies.
Training, training, and more training. Combine visual and audible training techniques. Change the way that messages are communicated, perhaps using your public relations or marketing department(s) to craft a different approach. Alternate online and in-person training. If you think you are communicating enough, you probably aren’t.
Attitudes about solving the problem have to change. At the beginning of the effort to reduce falls, authors commented that "changing the prevailing nihilistic attitude that falls are 'inevitable' and that 'nothing can be done' is required to get buy-in to the goals of the intervention." The same complaints surely can be lodged against any initiative to convince employees not to respond stereotypically to phishing campaigns. A multifaceted program of training, auditing, testing, and appropriate discipline should be deployed to reduce the institution’s risk.
Privacy & Security
How can IT departments enable prompt sharing of harmonized clinical information for decision support and protect it at the same time? Join this webinar to learn best practices for allowing contextual access – based on the rights the user has been granted to access specific types of data for specific situations.
Privacy & Security
In this webinar, the CISO of RWJ Barnabas, along with Intel and VMware, will discuss the key areas of exposure and top 5 security strategies to combat the threat of ransomware.