
Cybersecurity and Healthcare: It's Not Just About Protecting the Data

Daniel Nigrin, MD, SVP & CIO, Boston Children’s Hospital

Healthcare CIOs have hopefully all now heard and heeded the warnings regarding enhancing their organization’s cybersecurity posture, both in terms of technological sophistication and of staffing and staff awareness. Clearly this new threat has grown exponentially over the course of the last several years, and it seems likely that it will continue to escalate further. The financial and reputational costs of a breach are very large and often last for years, as witnessed by recent multi-million dollar fines levied against organizations several years after the initial incident occurred.


Yet I remain concerned that our focus has been too narrow, with the safeguarding of our patients’ data as the primary issue. Of course, we obviously must ensure that this data remains well-protected and out of the hands of the “bad guys.” We have certainly heard about the value of health records on the open market and how it remains enormously profitable for hackers to go after this information. And as mentioned above, there’s obviously the very real concern of very large financial penalties imposed on organizations for HIPAA violations, and all the other financial losses that go along with a breach.


But there’s an important lesson that I learned back in 2014 when the hacktivist group Anonymous attacked us at Boston Children’s Hospital, and that I have seen play out more recently at hospitals around the country that likewise have been subject to ransomware and other cyberattacks. And that’s that these cyberattacks have the ability to cause major disruptions in the actual provision of care to patients, and to the general operations of a healthcare organization.


During our Anonymous attack experience, we withstood a number of different disruptions, each of which caused different operational challenges for us.


First, we experienced a massive distributed denial of service (DDoS) attack on our network, which briefly caused an interruption in both inbound and outbound Internet access. During that interruption, any clinical function that depended on Internet access was rendered unavailable. As an example, even though our EHR remained functional, the ability for providers to electronically send prescriptions to pharmacies was temporarily impacted, and manual workarounds had to be implemented. Had the outage lasted longer, other more fundamental operational tasks would have required workarounds as well—for example, the ordering of medical supplies to maintain sufficient par levels throughout the enterprise, or even sending employee payroll information to banks.




We also experienced direct attacks on exposed firewall ports and services, requiring us to shut down patient and provider portals, research projects and philanthropy sites, all as a means of protecting ourselves from these attacks. All of these actions, while necessary to ensure the security of our network, had significant disruptive effects on our communication with our patients and referring providers, with research collaborators around the world, and with potential donors to our organization.


Finally, we experienced a massive influx of malware-laden, spear-phishing emails, designed to provide a means for the attackers to get access to the portion of our network behind the firewall, and in turn to sensitive applications and data. We needed to ensure all malicious email was quarantined appropriately, and an alert was sent out to staff about the absolute importance of not clicking links or opening attachments unless absolutely sure that they were safe. To this end, we took a proactive step, and temporarily shut down our entire email system. As with the shutdown of our external web sites, this was an extremely disruptive action, though one which we felt necessary. Communication in a large organization is severely impacted without email, and though we all sometimes wish for an “email holiday,” many critical operational functions rely on email as their mechanism for communication. It was only because we had fortuitously recently implemented a secure internal texting platform (for HIPAA compliance) that we had an alternative means of electronically communicating critical information to our staff during this email downtime period.


These examples serve to highlight that strong defenses as well as operational contingency plans need to be put in place to safeguard our organizations and our ability to ensure clinical operations. Although protection of data is clearly a high priority, I submit that ensuring that we are able to effectively and safely provide care for patients is priority number one.



Copyright © 2022 Healthcare Business Review. All rights reserved.

https://www.healthcarebusinessreview.com/cioviewpoint/cybersecurity-and-healthcare-it-s-not-just-about-protecting-the-data-nwid-86.html