How Do We Move Healthcare Cybersecurity Forward?

By Lee Kim, JD, CISSP, CIPP, Director, Privacy & Security, HIMSS North America | @lkimcissp

With so many threats, vulnerabilities, exploits, and compromises, healthcare cybersecurity—without a doubt—is a complex endeavor.  How do we move healthcare cybersecurity forward?  How can a small physician practice, community hospital, critical access hospital, or rural health clinic improve its security posture, despite limited staff and monetary resources?  How can an integrated healthcare delivery system stay on top of healthcare cybersecurity with its numerous endpoints, users, systems, and devices?

Based upon complex scenarios such as these, there is no doubt that there is room for improvement in the healthcare cybersecurity field.  But, we are not alone.  Many other private sector industries and the government face similar challenges.  Nonetheless, we can join forces by sharing valuable, vetted, and actionable information to stay ahead of the cyber threat.  We can also exchange meaningful information and dialogue and network with our peers.

Last year, the HIMSS board of directors had approved our HIMSS cybersecurity call to action.   In our cybersecurity call to action, we made the following “asks:”

  1. The healthcare sector should adopt a universal information privacy and security framework, such as the NIST Cybersecurity Framework
  2. HHS should create a cyber leader role to advance cyber readiness in the sector
  3. As a sector, we need to address the shortage of qualified healthcare cybersecurity professionals

On another front, we are also actively engaged in helping to share cyber threat and other information.  Examples of this include our HIMSS healthcare cybersecurity blog posts, the HIMSS healthcare cybersecurity community, and our monthly HIMSS healthcare and cross-sector cybersecurity reports.

From these initiatives, HIMSS has identified opportunities and threats within the industry that will be pivotal in addressing tomorrow's healthcare cyberculture. During my session, WANNACRY, PETYA, NOTPETYA. WHAT’S NEXT IN CYBERCRIME?I will share a review of a year in healthcare cybercrime and provide best practices to help industry colleagues stave off these threats in their organizations. 

This session will be livestreamed and recorded via Facebook Live. If you are not able to join us in Boston, add this session to your calendar and catch my talk live from the Healthcare IT News Facebook page! Like and Subscribe below.


Learn more about the 2020 Event


Subscribe for updates