In a HIMSS21 Digital panel moderated by Saif Abed, director of Cybersecurity Advisory Services, Stephen Dunkle, CISO at Geisinger Health System, and Kathy Hughes,CISO at Northwell Health, talked on Wednesday about how the sudden shift to remote work has impacted decision making around pandemic-era security.
Hughes said the biggest issue they had to deal with was the element of surprise, and as it became clear it was a global issue, the challenge was figuring out what to do to ensure security across all staff and tactical issues of how to be productive and communicate and collaborate more effectively.
“This was important especially as it became more apparent that healthcare was being targeted for cyber incidents,” she said. “There was a heightened pressure on us that really made us have to think through things more carefully than we had before.”
She noted other issues, like having to move to a remote workforce so quickly—basically overnight and having the resources to support that.
Dunkle added that amidst it all, the silver lining was the organization coming together in an “astonishing” way, with politics falling by the wayside and adopting a “can do” mode in recognition of the stress involved.
“We felt very much engaged across the entire organization, especially with executive management, making sure security was always being considered and always having our back,” he said.
There’s also the issue of the divide between clinical leadership and IT leadership when it comes to securing a hybrid health system, which Abed pointed out and Hughes said had the Northwell had always tried to avoid with collaboration.
“We’re always striving to figure out how we can do it better and more securely. We had to deploy all these wireless type devices, or to help patients communicate with their loved ones,” she said. “We were always asking the clinical teams what they needed, what patients wanted, and through that collaboration, really showed just how strong we are when we put our minds together.”
Dunkle said a top tip for security leaders for preparing for a future crisis is to anticipate the threats and work hard on threat intel.
“In this game, you win by being ahead of the curve as much as possible,” he said.
“Sometimes we can get wrapped up in these new tools and tricks, so we want to make sure that these technologies are seen as the mediator and not the end goal,” she said.