'Change management is key' for maintaining remote cybersecurity
News stories about ransomware have dominated headlines in the past few years, with healthcare facilities and hospitals high on the list of frequent victims.
And although cybercrime has long been a threat, the COVID-19 pandemic has intensified the potential risks.
"If you look at where we are today from a security perspective, what we've seen is that our threat factors have substantially increased," Sri Bharadwaj, vice president of digital innovation and applications at Franciscan Health, said in an interview with Healthcare IT News.
"In the past year alone, lots of those kinds of activities have heated up," he added. Bharadwaj, who will be discussing the topic at the HIMSS Cybersecurity Forum this December, pointed to several reasons for the change.
One, he said, is that some organizations are hard-strapped for resources. Hospital revenue is down because of the crisis, and security can fall through the cracks.
In addition, "a lot of people left the workforce," he said.
Federal agencies and other stakeholders have raised the alarm about the need for more employees in cybersecurity, with the Biden administration devoting funds toward training and recruiting individuals, especially those from underrepresented communities.
"We've deployed a lot of tools, but the people needed to manage the data from those tools are not there," Bharadwaj said.
In addition to the economic perspective, Bharadwaj pointed to the expansion of the hospital environment beyond the brick and mortar facility – such as via remote patient monitoring or telehealth – and the effect that expansion can have on vulnerabilities.
"When patients come into the hospital, we are managing the environment," he said. "But we are now pushing devices into patients' homes."
Doing so, as Bharadwaj has previously discussed, raises challenges about securing, managing and maintaining connected devices.
"Security is not just within four walls," he noted.
Beyond the threat of hackers, there's also a basic privacy issue. A patient trying to have a confidential conversation with her doctor via video chat may be unable to find an area where another person won't overhear the discussion.
"That has a lot of people worried in terms of how they're able to communicate," he said. Overall, he said, the spike in telehealth use during the pandemic has meant "great, fantastic things have happened, but now we've got these other issues."
To begin addressing such concerns, he said, "Change management is key – not just with the physician, but with the patient too."
Steps should be taken to help the patient understand that they should be in a quiet place for their virtual visit. Patients should also ensure to the best of their ability that their device is secure.
Meanwhile, on the physician side, Bharadwaj said a clinician should try to create an environment with few distractions. Being rushed or frazzled, he said, can widen the scope for errors.
Security professionals should work with clinicians on what they need from an IT perspective and help them get up to speed "before it becomes a problem."
"This is what we can do to get the process started," he said.
It's vital to remember, too, that up-to-date security tools are only part of a robust defense framework. In addition, communication, such as how to recognize phishing attempts, is a major factor.
"It's subtle, but important," he said.
And working with device and software vendors to safeguard security from the get-go should be a priority.
"Make sure you're talking to the right third parties, not the guy that built something up from the garage," he advised.
Bharadwaj said he hopes panel attendees understand that innovation is going to continue to happen at an increasingly faster pace.
"CISOs [chief information security officers] should be prepared to work with their teams to deliver what they want," he said. "Otherwise, the innovation they'll continue to do will be without security."
At the HIMSS Cybersecurity Forum event, Bharadwaj will continue the conversation with ChristianaCare CISO Anahi Santiago and tw-Security Chief Executive Officer Tom Walsh. Their virtual panel, "Telehealth and Remote Patient Care: Overcoming Data Security Challenges," is scheduled for 3:10 p.m. ET on Monday, December 6.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.