Privacy and Security Forum Boston 2016: Top 5 takeaways

CISOs, CIOs and infosec pros gathered this week to tackle a range of security matters, from breach response to worsening cyberattacks to ways in which health IT pros are heroes. Here's a look at the highlights.
By Tom Sullivan
04:12 PM

The HIMSS and Healthcare IT News Privacy & Security Forum took place this week in Boston, and during the three-day event more than 40 speakers took the stage.

Topics ranged from data breaches, of course, to the role virtualization technologies can play in a provider's cybersecurity arsenal.

Here's a quick list of highlights:

1. Cyberattacks are going to get worse. A lot worse, according to former NSA senior counsel Joel Brenner, who said during the opening keynote that healthcare is facing international cyber-espionage on an industrial scale. "If espionage is not the oldest business in the world," Brenner said, "it’s the second oldest."

2. Onsite HIPAA audits are coming in 2017. Linda Sanches, a senior advisor at Health and Human Services Office for Civil Rights, said any individual organization's chances of actually getting audited are pretty slim. UPMC vice president of privacy and associate counsel John Houston, however, called on OCR to deliver more guidance about HIPAA risk analysis.

3. Healthcare executives must have a plan in place for breaches. Partners HealthCare CISO Jigar Kadakia shared 5 keys to breach response and they all relate to communication. Massachusetts eHealth Collaborative CEO Micky Tripathi, meanwhile, recounted the well-known breach his firm faced in 2011 and put forth this advice: Don’t panic.

4. Ignore the so-called "security graveyard" at your peril. Intermountain CISO Karl West highlighted 10 outdated tools and practices that need to be replaced right now. Think you can thrive without a SOC or SIEM? Not so fast. And don’t even think about tapping into a cloud computing service without asking every vendor you evaluate, even those big-gun hosting sites in the Pacific Northwest, an exhaustive list of questions.

5. The word "hacking" has more than one meaning. Zen Chu, who directs MIT’s Hacking Medicine Institute, elaborated on the other, original meaning of hacking: clever uses of technology, rather than cybercrime or hacktivism. By embracing that connotation and putting tech to work improving the patient experience, Chu said, innovative health IT pros can become heroes. Aetna CISO Jim Routh, meanwhile, also extolled the virtues of innovation: He told attendees that he's earned a big payoff by placing bets some might consider risky on early-stage startups, before they get venture capital or eke out market share.

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com


 The Privacy & Security Forum took place in Boston, Dec. 5-7, 2016. 

