Privacy & Security (286)

Kathryn Ayers Wickenhauser, DirectTrust's chief strategy officer, says the organization began as an ONC initiative but now independently supports a secure EHR-based communication network and accredits health technology.

Philip Bradley, HIMSS digital health strategist, says the INFRAM framework's requirements ensure that health systems' infrastructure is optimized to support advanced cybersecurity and analytics capabilities.

No matter how big or small a healthcare organization is, a full understanding of its assets is critical to cyberdefense, says Luta Security's Katie Moussouris as she shares insights on national infrastructure security.

Etay Maor, chief security strategist at Cato Networks, says artificial intelligence is useful to the good guys and bad guys alike: "How do we hack in AI systems? And how do we use AI systems to our advantage?"

Before implementing AI tools, Matt Murren, CEO of True North ITG, says leaders must ensure that data flows freely between their EHR and practice management systems, and that they know how the tool will fit into existing procedures.

Eric Liederman, CEO of CyberSolutionsMD, says that since financial institutions have greatly increased their security measures, bad actors now see healthcare organizations as more vulnerable and lucrative targets.

Michael Gross, Cleveland Clinic's manager of cybersecurity intelligence, says healthcare leaders can build stronger cyberdefense strategies by involving each department across their organizations.

The current HIPAA rule lays the groundwork for a new forward-looking approach as the stakes are ever higher, says Ferdinand Hamada, managing director of Healthcare, Pharma & Life Sciences (HPLS) sector at MorganFranklin Cyber.

Karly Rowe, interim president of Inovalon's provider business unit, says that, after the Change Healthcare breach, healthcare organizations are diversifying their buying strategies and asking about vendors' cybersecurity policies.

Lee Kim, senior principal of cybersecurity and privacy at HIMSS, says 2024's healthcare cybersecurity incidents highlighted third-party vendor risk and the need to prepare business continuity plans and tabletop exercises in case of attack.

The new security rule is very specific on required technical controls, but it can also help to better position healthcare organizations to manage their third-party risks, says Garrett Weber, Akamai Technologies field CTO for enterprise security.

Tjasa Zajc, special advisor for HIMSS and moderator for the HIMSS25 Global Leaders Exchange panel, says a digital health literacy maturity model would aid in training and inspiring staff to adopt new tools and cybersecurity practices.