With targets on their backs, healthcare CISOs fight to protect data

By Erin Ayers on May 17, 2017

CHICAGO — Healthcare chief information security officers (CISOs) know their organizations offer an appealing target for cybercriminals – and they’re doing everything they can to avoid being the next victims, according to a panel speaking during Advisen’s Cyber Risk Insights Conference here.

Panelists described the many moving parts to their organizations, with hundreds of healthcare professionals requiring access to sensitive information, cross-border compliance issues, legacy IT systems and medical devices, and vast networks of third-party partners.

“It’s really hard to go to a doctor who’s an expert in his field and say he needs to get rid of his X-ray machine that runs on Windows XP or Windows 98 when he says that’s the system that gives him the image he needs to save the patient,” said Robert Hill, CISO of the Mayo Clinic.

The recent WannaCry ransomware attack gave healthcare institutions a wake-up call that cyber problems aren’t likely to go away any time soon.

“It was mind-blowing the last four or five days,” said Jerry Sto. Tomas, who said he had been involved in US Health and Human Services discussions on the massive global attack. He explained that while his organization wasn’t affected, an opportunity exists for the cyber insurance industry to help small and middle-market healthcare entities avoid falling victim to similar attacks.

Dealing with social engineering is “all about training,” said Hill. Mayo Clinic conducts monthly and occasionally weekly tests to see if employees will click on phishing links.


This story is an excerpt of the original. The content originally appeared in Professional Front Page News.


Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at eayers@advisen.com.