Are We Doing Enough To Protect Health Records?

Are we doing enough to protect health recordS_.jpg

By Sean Martin, host of At The Edge and An InfoSec Life

Health data is some of the most important, sensitive, and valuable information available. This information is critical in providing health services, of course, but is also valuable in other ways; for criminal and fraudulent purposes. The question is, are we doing enough as an industry to help protect this data from all aspects of the security CIA triad: confidentiality, integrity, and availability?

To help answer this question, Sean Martin, editor in chief for ITSPmagazine, connected with Gerard Scheitlin, the Chief Risk Officer and chief of security, risk and assurance for Orion Health as part of the An InfoSec Life podcast series here on ITSPmagazine. Gerard has some amazing experiences to share as he looks to help his healthcare organization not only protect sensitive health information, but also to help make this information available in ways that can make our population healthier in the process. Of course, as the person responsible for also ensuring that the business processes and systems are designed and deployed with security in mind, Gerard has some interesting tales to share here as well.

In this Part 1 of this 2-part series, Gerard provides some insight into the challenges CISOs face with the growth of technology counter-balanced with the long-lasting legacy systems organizations and their patients continue to rely on every day. For example, when people think about the systems running in hospitals and clinics, a significant number of them running older Windows systems: IV drip machines and heart monitors, for example. The challenge comes when a doctor wants to buy a new piece of equipment that can help save lives—does the provider buy that new piece of equipment to help saves lives, or do they replace the older systems that could be compromised and could put lives in danger? It is a difficult decision for the CIO, CTO, and CISO. But, as Gerard notes, The recent WannaCry events have triggered some sense of reality where some of the antiquated equipment is now being replaced.

As another example, one where the CISO role is helping with innovation, Gerard speaks to the work Orion is doing in the mobile and remote health services space and how their partnership with the CDC is helping to identify potential outbreaks, stopping them in their tracks before they can gain a foothold on society. In this scenario, the focus isn’t about safely moving medical records around, it is more about how to utilize the information to make the population and Orion's patients healthier.

There’s some great stuff in this episode. Have a listen and be sure to join us for the second part when it comes out.

Enjoy the podcast, listen to it carefully and share it recklessly!