by Lisa Chamoff, Contributing Reporter | February 22, 2019
Most hospital executives understand the need for cybersecurity, but even in the wake of headline-grabbing cyberattacks, such as WannaCry, it remains a tough sell.
David Finn, executive vice president of strategic innovation at cybersecurity consulting firm CynergisTek, knows all too well how thin healthcare budgets are. Finn spent 25 years in the provider space, including several of those as a chief information officer for an integrated delivery system.
Finn spoke at the HIMSS 2019 conference in Orlando alongside Theresa Meadows, senior vice president and CIO for Cook Children's Health Care System, in a talk entitled “Building Business Narratives to Sell Security to the Board,” and met with HCB News in the CynergisTek booth during the show.
“I’ve lived the pain,” Finn told HCB News.
The talk covered the business impact of recent high-profile data breaches, and Finn spoke to HCB News about the importance of approaching cybersecurity from a business perspective in order to drive the point home to hospital leadership.
“If a blood pressure cuff stops working, you’re probably not going to hurt, damage or shut down clinical workflows,” Finn said. “If your cath lab gets [the] Conficker [virus] … and you can’t do any heart procedures, you have a different level of risk.”
Finn emphasized the importance of a “more holistic approach” to cybersecurity, privacy and compliance, by looking at the tools and services surrounding it.
“We tend to silo those things and say security is an IT problem,” Finn said. “It’s always lovely to think there’s a silver bullet. You can buy a technology and it will solve all your problems. That will never happen. Technology is a tool, but when you loop in the processes around the medical and securing them with the clinical engineering aspect and then add the people to it … you really begin to get your arms around it and reduce the risk.”
Finn explained that when working with a client, the team at CynergisTek looks at the governance structure.
For example, Finn said, along with having cybersecurity policies in place, leadership should make sure that IT staff is doing the proper patching and software updates.
“If you don’t have the processes in place, if you don’t have the right people engaged, it really doesn’t matter what you’re doing in terms of security,” Finn said. “You have to tie all the pieces together.”