HIMSS19 was a chance to gather with 45,000 cohorts to discuss all things healthcare. The show tackled everything from electronic health records (EHR) systems to bedpans, but I was focused on learning the role cybersecurity plays in healthcare. Below are some of the surprising and enlightening cybersecurity insights in healthcare I got from HIMSS19:
Healthcare InfoSec Leadership: How to Thrive and Succeed
Mitch Parker, executive director for information security and compliance at the University of Illinois Health (UI Health), explained what’s involved in establishing and leading an information security team that can thrive in times of change and uncertainty. He focused on the leadership skillsets his team embodies to achieve success. One comment that drew sustained applause, “We do not do enough to offset the toxicity, sexism and racism that is now prevalent in the IT security community.” Take a few minutes to learn how to cultivate a forward-thinking team, and check out Mitch’s slides.
Phishing: The Ongoing Scourge in Healthcare
Results from the HIMSS 2019 Cybersecurity survey were announced during the conference, which highlighted online scams as a major pain point for healthcare organizations. Health IT Security neatly summarized the highlights: “According to 48 percent of respondents, online scam artists (28 percent) and negligent insiders (20 percent) were the biggest threats to their organization.” Have I mentioned that Arctic Wolf Networks helps healthcare organizations combat phishing attacks and other cyberthreats?
MDR: Big Players Do It. Smaller IT Shops… Not so Much
In my conversations with large healthcare and insurance providers, many appeared confident in their ability to monitor their environment and detect and respond to threats. You might think larger organizations (HCA Healthcare, Kaiser, and Dignity Health)—with in-house SOCs and large security teams of their own—would not necessarily be drawn to Arctic Wolf’s booth. However, if nothing else, they found our HIMSS19 swag irresistible! Smaller healthcare organizations, of course, struggle with how to adequately monitor, detect, and respond to threats 24/7. I frequently heard “we monitor things,” but it quickly became evident that there was a low bar for doing so—such as a single IT generalist who occasionally looked at accumulated log information. Many had the desire to do better, but had not seen options beyond deploying an internal SIEM (an expensive proposition). They were keen to learn more about managed detection and response (MDR) and how healthcare organizations now leverage SOC-as-a-service offerings.
Healthcare Threat Information? Not This Time
One disappointment was that the Healthcare – Information Sharing and Analysis Center (H-ISAC) did not have a presence on the HIMSS expo floor. H-ISAC is a great resource for threat intelligence and I hoped to learn more about them (Arctic Wolf is a member of FS-ISAC that caters to financial services, and we want to learn about other ISAC offerings). The good news? H-ISAC will be at the RSA Conference in March. (Hope to see you at their RSA Conference meet-up!)
Discover More about SOC-as-a-Service
HIMSS19 had something for everyone, but you had to be in exceptional physical condition to march around the massive expo floor. If you missed us at HIMSS19 and you want to learn more about how SOC-as-a-service can help lift your cybersecurity game, check out resources on the Arctic Wolf website like the HIPAA Solution Brief, along with case studies for Madison Memorial Hospital and Bethesda Health Group.
About the AuthorYou might also be interested in...