In light of the uptick in hacker attacks on the healthcare sector, Everett Clinic is making a number of additional moves to bolster its cybersecurity, says CIO Becky Hood.
"We're taking steps to enhance our vulnerability management and increasing our security staffing to monitor our environment," she says in an interview with Information Security Media Group. "We have lots of tools in place, but we need to be watching what those tools are telling us."
Everett Clinic is a multi-specialty physician practice with more than 500 healthcare providers serving 300,000 patients in Snohomish County in Washington state.
"The [recent healthcare sector] attacks have also increased our executive and board awareness of cybersecurity, and we are also increasing our staff training," she says. "Educating our users on what impact their behaviors have on keeping our environment secure" is also among the clinic's top health data privacy and security priorities for 2016, she says.
Phishing a Growing Concern
"Phishing attacks are a worry because they can go directly to a user, and so education around that is something that we focus on," she says. "The phishing attacks are increasing, and are of concern, particularly [those] aimed at our executives and at finance. We have put in internal controls around the electronic transmission of financial transactions and have enhanced our spam filtering."
In addition, improving threat intelligence sharing and analysis is a high priority, she says.
In the interview, Hood also discusses:
- Why Everett Clinic is re-evaluating many of its business associate agreements in the wake of recent cyber-attacks, including an attack on the clinic's business partner, health insurer Premera Blue Cross;
- Key lessons emerging from the Department of Health and Human Services' "wall of shame" website of major health data breaches, and why the healthcare sector appears to be a bigger target for hacker attacks in recent months;
- The importance of strong security governance programs;
- The evolving threats and risks posed by insiders, business associates and external bad actors.
As CIO at the Everett Clinic, Hood oversees development and implementation of all information technology initiatives. She directs the strategic planning of enterprise IT systems in support of business operations in order to improve cost effectiveness, service quality and business development. She has been in healthcare IT for more than 25 years, working in the payer, software vendor and healthcare provider sectors. Hood is active in several professional associations, including the College of Healthcare Information Management Executives, or CHIME, and the Healthcare Information and Management Systems Society's Washington chapter, of which she is a past president.