CISO's biggest fear: 'what I don't know'

How data loss prevention software helps boost her awareness
By Mike Miliard
April 29, 2014
11:22 AM

DLP software is installed across an enterprise, "it discovers and indexes where all your sensitive information is," says McMillan. "Then, based on the rules that you specify, in terms of where it can live, where it can go, how it has to be transmitted, what devices it can go on, etc., it basically watches what people are doing."

In this case, this nurse "was doing some legitimate research," he says. "She asked for some subset of patient information to support her research, which is all fine and good.

"The expectation was that she would be doing this research at the hospital," he adds. "But she, of course, like a lot of people, got into a time crunch and decided, 'I'll just send it home and work on it there.' She wasn't a bad person, she was just trying to get stuff done."

Fortunately, "the system noticed, and said, 'You can't send 9,000 patient records through Yahoo!,' and it stopped that transmission," says McMillan. "Even well-intentioned users will break the rules occasionally, not meaning to. Unless you have the right technological controls in your architecture to help protect against those things, you can have all the policies and procedures in the world, and it ain't gonna save you."

A 9,000-record breach is a big deal, after all – and could cost hundreds of thousands of dollars to settle.

"That incident alone, had it happened, would have (cost as much) as their DLP solution three times over, easily," says McMillan.

Even with an added layer of watchfulness thanks to DLP, Roszkowski still has plenty keeping her on her toes, of course. Like everywhere, mobile technology is a constant challenge. Encryption and PINs are used on every device that has any Fletcher Allen data, she says, but as far as a broader device management strategy, "We're looking at different approaches."

Sometimes life as a CISO can feel like "controlled chaos," she admits.

Even so, while "every day is different for me, every day has a purpose," says Roszkowski. "That's the biggest thing my team and I understand: It's all toward the same goal."

Topics: 
Data Warehousing, Mobile, Privacy & Security

More regional news

HIMSSCast logo

HIMSSCast: Caregiver input needed for allocation of investment dollars

By
Bill Siwicki
November 15, 2024
HHS Building

Trump picks RFK Jr. to lead HHS

By
Susan Morse
November 15, 2024
Sign outside FDA office

Lawmakers ask CDRH to revisit its CDS guidance

By
Andrea Fox
November 15, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Former Georgia Rep. Doug Collins
Trump taps former Rep. Doug Collins to head VA

Most Read

Atrium Health responds to new social engineering attack
Vendor Notebook: New cybersecurity and EHR performance upgrades 
Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
ASTP intros 2024 draft Federal FHIR Action Plan
CrowdStrike all but assures Capitol Hill: Never again

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Lee Kim at HIMSS_Global Health Equity Week 2024
AI can be leveraged to improve cybersecurity and health equity
Dr. Keisuke Nakagawa at UC Davis Health_Global Health Equity Week 2024
How artificial intelligence is changing the equation for SDOH integration
Andrea Hsu at National Science and Technology Council_HIMSS24 APAC
Fostering health IT innovation through academic-industrial collaborations
Valerie Rogers at HIMSS_Global Health Equity Week 2024
Technology and policy have a role to play in improving maternal health

More Stories

HIT professional reviews information on a laptop outside a server room
ASPR seeks feedback on public health orgs' cybersecurity needs
Gabriel Jones of Proprio on AI
Artificial intelligence is enabling big advances in surgery
Pharmacist sorting pills
Deploy RFID technologies to streamline controlled substance management
Healthcare workers in a meeting
Prioritizing cost management at U.S. healthcare systems: Keys to better margins
Healthcare worker looking at medical record on tablet with patient in background
Protect your IoMT devices against evolving cyberattacks
Jill Brewer at HIMSS_Healthcare Cybersecurity Forum 2024
What's the weakest link in organizational cybersecurity? Not what you might think
Richard Staynings at the University of Denver_Healthcare Cybersecurity Forum 2024
The challenges of safeguarding healthcare's 'data ocean'
Avihai Sodri of Antidote Health on telemedicine
How virtual-first can improve outcomes and make care more affordable