Lancaster Physician Winter 2020 - 36

L A N C A S T E R M E D I C A L S O C I E T Y.O R G

Perspectives

"The security of these devices needs to be
top of mind for security programs in health
care," he said.

"At WellSpan, we're always working to
make these devices secure for our patients,"
Shrader said.

Costantino agreed that the health care
industry got off to a slow start in launching
robust information security programs but
believes it has gotten much better about
protecting itself in recent years. Many large
health systems across the United State have
established extremely talented security teams,
but, as connected health and technological
innovation continues to increase, threats will
continue to rise.

Along with concerns regarding medical
devices, Shrader remains on guard about the
potential for ransomware to hold operating
systems hostage. That, he said, is his worst-case
scenario, and he and his team take every step
possible to avoid it.

"It is important that security programs
continue to get the high levels of support
required to keep patient care and data safe
from cyberattacks," Costantino said.
WellSpan Health
WellSpan Health's line of
defense against cybercrime
depends on both technology
solutions and people solutions,
according to Michael Shrader, Director of
Information Security.
"Our technology solutions provide a safety
net for our users," Shrader explained. "We
provide education about threats such as email
phishing to our employees, and we provide
ways for them to communicate with our
security team for feedback."
That, he said, gives him and his team the
ability to gauge their reactions to possible
threats and bolster their defenses.
"The more our users are educated around
cyberattack techniques, the less likely it will be
for them to fall victim to attacks," Shrader said.
Like other information security directors,
Shrader is particularly concerned about a
threat that is unique to the health care industry.
Due to regulatory controls and concerns
about impacting the functionality of the
devices, it can be difficult to implement security
controls on medical devices, such as heart rate
monitors or glucometers, that can measure,
store, and transmit information.

"I can't help thinking about what it would
be like if that would occur," he said. "It's happened to many health care systems. We can't
just sit back and think it couldn't ever happen
to us. We must, and we do, remain vigilant."
Shrader attributes the increased focus on
cybersecurity within the health care industry
to regulations regarding electronic Protected
Health Information, or ePHI. ePHI, according
to HIPAA regulations, is "any protected health
information that is created, stored, transmitted
or received in any electronic format or media."
Protected information includes patients'
name, address, date of birth, email address,
Social Security number, and other data.
Health care has been forced to make investments to protect its systems in order to keep
that information safe, and it's raised awareness
of the importance of good cybersecurity,
Shrader said.
UPMC Pinnacle
At UPMC Pinnacle, internal
phishing campaigns are used
to help employees recognize
malicious emails. Employees undergo annual security
training and are reminded against storing
anything containing HIPAA information on
their personal or local computers.
A comprehensive policy regarding personal
devices is in place, and it is updated periodically
to cover for new cyber threats.
The medical information team works constantly to stay current with security solutions,
conducting regular internal/external penetration testing against its network.

LANCASTER

36

PHYSICIAN

All that and more is necessary to avoid the
very real threat of some sort of cyberattack,
explained Dr. Salim Saiyed, Vice President and
Chief Medical Information Officer.
"As an industry, we have experienced an
increased number of these attacks," Saiyed
said. "We must do everything we can to
prevent them."
Health care is a vulnerable area for cyberattacks because criminals recognize the value of
personal medical information and the need to
protect that information. That is evidenced by
the huge number of ransomware attacks that
occur within the industry.
Saiyed's particular concern is a day-zero
attack, which is an attack that occurs on, or
shortly after, the day that a security vulnerability
is discovered or becomes publicly known. Or,
the attack could occur before developers even
recognize that the vulnerability exists.
However, he said, plans are in place at
UPMC Pinnacle to maintain quality care for
patients in the event that some sort of system
interruption would occur.
Saiyed also said that patients play a role in
keeping their personal health information
safe. People should avoid sharing information
on social media or mobile apps, use strong
passwords to access any systems containing
information, use only recommended medical
apps, and be alert to data thieves, he advised.
It's important that everyone work together
to minimize the real threat of cybercrime in
the health care industry.
"We'll succeed when we work together and
share our best practices and experiences," Saiyed
said. "There are national and local organizations
working on this issue and keeping us abreast
of everything going on within the industry."



Lancaster Physician Winter 2020

Table of Contents for the Digital Edition of Lancaster Physician Winter 2020

Lancaster Physician Winter 2020 - 1
Lancaster Physician Winter 2020 - 2
Lancaster Physician Winter 2020 - 3
Lancaster Physician Winter 2020 - 4
Lancaster Physician Winter 2020 - 5
Lancaster Physician Winter 2020 - 6
Lancaster Physician Winter 2020 - 7
Lancaster Physician Winter 2020 - 8
Lancaster Physician Winter 2020 - 9
Lancaster Physician Winter 2020 - 10
Lancaster Physician Winter 2020 - 11
Lancaster Physician Winter 2020 - 12
Lancaster Physician Winter 2020 - 13
Lancaster Physician Winter 2020 - 14
Lancaster Physician Winter 2020 - 15
Lancaster Physician Winter 2020 - 16
Lancaster Physician Winter 2020 - 17
Lancaster Physician Winter 2020 - 18
Lancaster Physician Winter 2020 - 19
Lancaster Physician Winter 2020 - 20
Lancaster Physician Winter 2020 - 21
Lancaster Physician Winter 2020 - 22
Lancaster Physician Winter 2020 - 23
Lancaster Physician Winter 2020 - 24
Lancaster Physician Winter 2020 - 25
Lancaster Physician Winter 2020 - 26
Lancaster Physician Winter 2020 - 27
Lancaster Physician Winter 2020 - 28
Lancaster Physician Winter 2020 - 29
Lancaster Physician Winter 2020 - 30
Lancaster Physician Winter 2020 - 31
Lancaster Physician Winter 2020 - 32
Lancaster Physician Winter 2020 - 33
Lancaster Physician Winter 2020 - 34
Lancaster Physician Winter 2020 - 35
Lancaster Physician Winter 2020 - 36
Lancaster Physician Winter 2020 - 37
Lancaster Physician Winter 2020 - 38
Lancaster Physician Winter 2020 - 39
Lancaster Physician Winter 2020 - 40
Lancaster Physician Winter 2020 - 41
Lancaster Physician Winter 2020 - 42
Lancaster Physician Winter 2020 - 43
Lancaster Physician Winter 2020 - 44
Lancaster Physician Winter 2020 - 45
Lancaster Physician Winter 2020 - 46
Lancaster Physician Winter 2020 - 47
Lancaster Physician Winter 2020 - 48
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPFall21
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPSummer21
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPSpring21
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPWinter21
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPFall20
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LancasterPhysicianSummer2020
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPSpring20
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPWinter20
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPFall19
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPSummer19
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPSpring2019
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPWinter2019
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPFall2018
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPSummer2018
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPSpring18
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPWinter18
https://www.nxtbook.com/hoffmann/Lancaster_Physician/Fall2017
https://www.nxtbook.com/hoffmann/Lancaster_Physician/Summer2017
https://www.nxtbook.com/hoffmann/Lancaster_Physician/LPSpring17
https://www.nxtbookmedia.com