Cybersecurity: How HSS Gets it Done
Ortho Spine News interviewed Vikrant Arora, chief information security officer at HSS, who discussed the strategies behind protecting HSS from cyberattacks, and the biggest factors posing a risk to users.
Arora ensures the staff at HSS is aware of the best ways to avoid cyber issues. “Throughout the year the security team does phishing campaigns where we send phishing emails to gauge how users react and provide ‘just in time’ training. Anyone who has clicked on three in six months is flagged as ‘high risk’ and we have them attend a formal training.” He explained, “We take a similar approach when it comes to people visiting questionable websites. The training is completely customized, so they walk away with a meaningful message. All our security education is imparted based on risk and role. That way the intervention is not burdensome for the entire hospital. Finally, the focus for all education is protecting personally-sensitive data and not just corporate-sensitive data and staying safe online at home and at work. We are also taking steps to protect our patients from being phished to increase trust in HSS as not just a provider of care but also as a custodian of their medical information.”
When it comes to risks for cyberattacks, Arora noted, “I look at threats as being in three ‘buckets.’ The first is regulatory. When it comes to HIPAA, as it is now, data is loosely shared with partners, who often bring on consultants or subcontractors so that information ends up being widely distributed. And there is no way a hospital can produce a map that shows everyone who has access to patient X’s data. Also, it is almost impossible to delete all of the records from a patient if he/she requests to do so, a right built into GDPR and the CCPA (duty to delete).”
The second factor that keeps Arora up at night is advanced cybercriminals. “As is obvious from many of today’s political headlines, cybercriminals have evolved significantly. Geopolitical tensions are part of this mix,” he said.
Lastly, the third factor is consumerization. “Consumerization, i.e., this raging demand of Uber-like convenience is happening in most, if not all, industries, including healthcare. But making things super easy for customers while keeping data safe is no small feat. There is the Internet of Things (Telemedicine, refrigerators with Wi-Fi, electronic prescriptions, Alexas, BP machines, insulin machines with Wi-Fi, etc.). The point of all of this connectivity is data…vendors, patients, hospitals, and the government are all collecting data,” said Arora.
Read the article at Orthospinenews.com. Please note a subscription is required in order to access the full text.