Code Red: HIMSS' Cybersecurity Podcast

Welcome to HIMSS’s new health IT cybersecurity podcast, Code Red. Code Red focuses on cybersecurity challenges facing health care today & tomorrow, featuring the voices of the people on the front lines. The goal of the podcast is to explore the interplay between the people, processes & technologies that make up an organization’s cybersecurity posture from both a leadership & skills-based perspective.

Episode #3: Want Your Files? Tough, Pay Me

Need to know the dosage for a patient’s medication?  Tough, pay me.  Need to know the lab results for that biopsy?  Tough, pay me.  Need to access your notes to reconsider a patient’s prognosis?  Tough, pay me.

Well, this is a new problem, isn’t it? Paper records on a shelf?  Pretty hard to walk off with those.  You can keep an eye on those.  You can lock a door on those.  Electronic records on your database?  Take a number.  Who isn’t after them? Who isn’t going to earn more money on the street today, on this very day, from those records than you are?  Because we all know negotiating a new world of evolving health care revenue models is challenging.  Because we all know that their revenue model is one of the world’s oldest and easiest to understand.  You want it, I got it.  You want it, I got it.  Now let’s see how bad you want it back.

So how does a newly digitized health care industry react to all this attention from a long-ago digitized criminal industry?  How can health care organizations operate in a marketplace that asks them to share data both widely and securely?   How does a health care organization ready itself to handle unwanted ransomware attacks?  How do health care organizations build trust between their people, partners & patients that they are ready when the attack happens to them?  Because.It.Will.Happen.

In this episode of Code Red, we explore the evolving threat of ransomware attacks on the health care industry and what organizations can do to protect themselves with the Chair of the HIMSS Privacy & Security Committee, Josh Black.

This Episode’s Guest

Josh Black
Manager, IT Security Administration
Information Risk Officer
Assistant HIPAA Security Officer
University of Arkansas for Medical Sciences
Learn more about Josh
Follow University of Arkansas for Medical Sciences on Twitter: @uamshealth
Learn more about University of Arkansas for Medical Sciences

 

This Episode’s Promos

Healthcare Privacy & Security Forum
The Privacy & Security Forums are two-day conferences, presented by HIMSS Media, held around the nation, with a specific focus on current industry topics. Register for the December 2016 Healthcare Privacy & Security Forum in Boston, Massachusetts

This Episode’s Event Recap
Host Rod Piechowski describes the cybersecurity challenges being discussed at the 2016 HIMSS AsiaPac Conference. 

Learn more about the HIMSS Asia Pac Conference

Read Rod's blog post on the conference "We're All In This Together"

This Episode’s Audience Ask

Send us voice memos or emails describing your organization’s top ransomware challenges and what you are doing to meet those challenges.  Also let us know what topics you’d like us to cover on future Code Red episodes.  Send your voice memos and emails to codered@himss.org.

Episode #2: The Right Skills for CISOs & The HIMSS Privacy & Security Community

Welcome to Code Red, HIMSS’s new health IT cybersecurity podcast. Code Red focuses on cybersecurity challenges facing health care today & tomorrow, featuring the voices of the people on the front lines. The goal of the podcast is to explore the interplay between the people, processes & technologies that make up an organization’s cybersecurity posture from both a leadership & skills-based perspective. In this August update episode, we will explore the right skills needed for Chief Information Security Officers from two thought leaders in health care security. We will hear about privacy & security initiatives you can participate in here at HIMSS.

This Episode’s Guests

Mac McMillan, FHIMSS, CISM
CEO
CynergisTek, Inc.
Learn more about Mac
Follow CynergisTek, Inc on Twitter: @cynergistek
Learn more about CynergisTek, Inc.

 

Heather Roszkowski, MSIA, CISSP
Chief Information Security Officer
The University of Vermont Medical Center
Learn more about Heather
Follow The University of Vermont Medical Center on Twitter: @UVMMedCenter
Learn more about The University of Vermont Medical Center

 

Find Mac & Heather's HIMSS15 Presentation "Selecting the Right CISO & Building the Security Office" in the HIMSS eLearning Center

 

This Episode’s Promos

HIMSS17

The 2017 HIMSS Annual Conference & Exhibition, February 19–23, 2017 in Orlando, brings together 40,000+ health IT professionals, clinicians, executives and vendors from around the world. Exceptional education, world-class speakers, cutting-edge health IT products and powerful networking are hallmarks of this industry-leading conference. Register today for HIMSS17

Healthcare Privacy & Security Forum

The Privacy & Security Forums are two-day conferences, presented by HIMSS Media, held around the nation, with a specific focus on current industry topics. Register today for the December 2016 Healthcare Privacy & Security Forum in Boston, Massachusetts

This Episode’s Audience Ask

Send us voice memos or emails describing your organization’s top cybersecurity challenge and what you are doing to meet that challenge.  Also let us know what topics you’d like us to cover on future Code Red episodes.  Send your voice memos and emails to codered@himss.org   

Code Red Episode #1: You Are the Next Target

So here’s what keeps me up at night:   The neighbor’s barking dog. The stray firecracker that goes off at 2:30. And Patients.  Millions of patients.  And when I say patients, I really mean people.  Millions of people whose most intimate details… their stories…have been laid bare for the world to see on behalf of the highest bidder.  Millions of people who have to wonder who knows about their recent bout of depression.  Or who knows about their history of high blood pressure and their medication for it?  What about that cancer scare?  And if that isn’t enough, that these people have to wonder, who’s got my social security number?  How many accounts have been opened in my name?  How many purchases made with my credit? 

Collectively, we have to wonder if we can ever be truly secure?  Are our physical and virtual lives irreversibly intertwined? Is the idea of privacy even a valid concept anymore?  These questions, for which there are no easy answers, are some of the things that keep me up at night. I bet they keep you up too.  

So here’s what keeps me going each day.  For every malicious hacker, there is a white-hatted one.  For every attack on a server, there is a dedicated IT security professional ready to respond.  For every malicious line of code, there is one created to defend against the malice.

So how do we respond?  How does the health care sector deal with the cybersecurity issue?  Who do we look to for leadership and guidance through the battles ahead of us?   

Welcome to HIMSS’s new health IT cybersecurity podcast, Code Red.  Code Red focuses on cybersecurity challenges facing health care today & tomorrow, featuring the voices of the people on the front lines. The goal of the podcast is to explore the interplay between the people, processes & technologies that make up an organization’s cybersecurity posture from both a leadership & skills-based perspective.

In this episode we will discuss the existential threat of cybersecurity attacks in the age of ubiquitous digital health and the range of current cyber-security threats. We’ll talk to HIMSS Privacy & Security Committee member, Ram Ramadoss, Vice President – Privacy, Information Security & EHR Oversight at Catholic Health Initiatives, the nation’s third-largest nonprofit health system.  

-Rod Piechowski (Host)
 

This Episode’s Guest: 

Ram Ramadoss
Vice President, Privacy, Information Security & EHR Oversight
Catholic Health Initiatives

Member-Cybersecurity Task Force, Department of Health & Human Services
Learn more about Ram: https://www.linkedin.com/in/ramramadoss
Follow Catholic Health Initiatives on Twitter: @CHI_Updates
More on Catholic Health Initiatives: http://www.catholichealthinitiatives.org/

 

This Episode's Transcript

Read it here

 

This Episode’s News:

2016 HIMSS Cybersecurity Survey Results
Download a copy of the 2016 HIMSS Cybersecurity Survey results.  

Cybercriminal TheDarkOverlord stole more patient records and medical images than originally thought, InfoArmor reports
The hacker broke into organizations on the HL7 network, the security firm has found, and has since put those records up for sale on the dark web. The security firm also said TheDarkOverlord is actively looking for more servers to hack in healthcare.  Read more

Informatics experts offer guidance for defense against ransomware
As ransomware attacks continue to increase, healthcare stakeholders across the board are going to have to step up their efforts both to prevent and recover from security incidents as quickly as possible.  In an attempt to move those efforts forward, Dean Sittig, a professor at the University of Texas School of Biomedical Informatics, and Hardeep Singh, MD, chief of the Health Policy, Quality and Informatics Program for the Department of Veterans Affairs, recently wrote “A Socio-technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks.”  Read more

Read the whitepaper “A Socio-technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks”

This Episode’s Hashtags: 

#HITSecurity, #HITworks, #Ransomware, #YouAreTheNextTarget

This Episode’s Promo:

Healthcare Privacy & Security Forum
The Privacy & Security Forums are two-day conferences, presented by HIMSS Media, held around the nation, with a specific focus on current industry topics. Register for the December 2016 Healthcare Privacy & Security Forum in Boston, Massachusetts

This Episode’s Audience Ask:

Send us voice memos or emails describing your organization’s top cybersecurity challenge and what you are doing to meet that challenge.  Also let us know what topics you’d like us to cover on future Code Red episodes.  Send your voice memos and emails to codered@himss.org