Cybersecurity weak points arise just about any time IT services are added or removed, or new products and vendors enter a network.

August 01, 2017 11:50am

Target’s HVAC vendors were phished and led to the more than 100 million records breached a few years ago.

With all the focus on EHR and data interoperability, digital health, and Internet of Things devices, security and tech execs must remember a certain reality: connecting previously disparate information systems often opens up weaknesses that hackers can exploit.

Cybersecurity weak points, in fact, arise just about any time change happens, IT services are added or removed, or new products and vendors enter a network, said Glenn Stover, IT security manager at Beebe Healthcare, a Delaware health system.

Stover and FairWarning CEO Kurt Long shared insights for IT and security executives constantly connecting new and legacy systems to their networks — and it begins with transforming the way you think about both IT and infosec.

“Information technology exists across nearly every aspect of healthcare and can no longer be considered an independent department, but rather as an integrated body that is in line with the organization’s vision and direction,” Stover said.

Begin with the basics

There are known strategies and tactics that healthcare CIOs and CISOs can employ to help shore up weak points between disparate information systems.

For starters, many infosec basics apply: maintain accurate inventory of hardware, software and data flow, enable visibility into these systems through audit trails that track who is accessing them and when that access is occurring, and of course, inventory all data stored on them.

Security teams also need to update their acceptable use policies and broadcast them to all persons with access to protected health information, said Kurt Long, founder and CEO of FairWarning, a data protection and governance firm.

Read More