I think we can all agree that every industry needs to participate in cybersecurity and understand its basics. An industry that doesn’t opens itself up to a lot of risks. However, one industry in particular must take cybersecurity seriously, and that industry is healthcare. Every person in the world relies on some form of healthcare, which means everyone relies on the cybersecurity their healthcare providers use to keep their information safe.
In episode 45 of our Reimagining Cyber Podcast, Cyber Challenges in Healthcare, Stan Wisseman and Rob Aragao sat down and talked with Louis Lerman about cybersecurity in the healthcare industry. Lerman is currently serving as the VP and CISO of Pediatrix Medical Group, but has experience working in many sectors such as government and defense, education, software development, financial and technology. Healthcare was the topic of this episode of Reimagining Cyber, and the conversation touched specifically on how COVID-19 altered the status quo for the healthcare industry, how HITRUST certification works as an enabler, and the risks of outdated and unprotected medical devices and ransomware attacks.
COVID-19 changed the world in many ways. One of the major changes it brought to the healthcare industry was the rise in telemedicine, use of cloud services and clinical innovations. While this is a great improvement, it still comes with cybersecurity risks. Lerman points out that they had to re-architect internal applications that could only be used in office or hospital settings, moving them to a new cloud-based architecture so they could be accessed for remote work. Lerman even states, “Being able to access it from wherever they are and keeping it secure, has been (a) big effort (and) a big challenge for us.” To make this offering even more attractive, Lerman and his colleagues are seeking the HITRUST certification.
HITRUST is a comprehensive and certifiable security framework that’s used in the healthcare industry to efficiently approach regulatory compliance and risk management. Being HITRUST certified allows Lerman and the Pediatrix Medical Group to attest to the security of their solution to healthcare organizations in a quicker and more efficient way than before. Lerman compares HITRUST to FedRAMP in the government sector. He notes that this accreditation, “will help to separate us further from our competition to show that, look, Pediatrix, takes security seriously.”
The healthcare sector is a target-rich environment for cyber attacks, and every role in the industry, including IT, executives and clinicians, needs to understand what is going on. Lerman also points out the importance of sharing threat intelligence briefings with not only the IT department, but with the executive team and levels one and two of management. This raises awareness across the business as a whole of relevant threats and how they can be mitigated.
Get a more in-depth view of this episode, Cyber Challenges in Healthcare, and Louis Lerman, as well as all podcast episodes of Reimagining Cyber.
You can find the latest episode of Reimagining Cyber on Apple, Spotify, Google, Stitcher, and Buzzsprout. Give it a listen and let me know what you think.