Consumerism driving hospitals to break down cybersecurity boundaries
Hospitals have spent years implementing firewalls and security controls to establish a perimeter. Now they’re at a crossroads as consumerism and patient experience take hold in healthcare.
First-moving IT and infosec shops, in fact, are already working to build a better patient experience — but doing so requires a new cloud mindset and culture change.
Those are among my takeaways from the HIMSS Security Forum in Boston this week. CISOs and security experts shared experience and insights about where healthcare is going, and what executives need to be thinking about today to make it happen.
Consumerism calls for new cybersecurity
“We’re taking down the perimeter,” Intermountain Healthcare CISO Karl West said.
Already, 75 percent of the system’s physicians conduct a total quarter-million virtual visits every month. What’s more, 80 percent of the data West described as critical to Intermountain is already in the cloud and the rest of it will move there in the next one to two years.
“The future environment we’re striving for is consumer-centric. People want frictionless entry into and out of our system: they want to understand how to navigate and most of them don’t want to go into a hospital,” West said.
The corporate goals of Sentara Healthcare, with patient populations in Virginia and North Carolina, include becoming more customer-centric through a new portal and mobile apps, along with a back-end enterprise data and analytics platform, said Dan Bowden, CISO of Sentara.
“We’re going to build our apps in a public cloud, our enterprise data platform in a public cloud,” Bowden said. “We chose Azure, but we know how AWS works and can switch to that if we need to.”
Among the reasons both Sentara and Intermountain are aggressively moving apps, data and analytics to the cloud: To maintain relevance in the fledgling consumer-era, rather than becoming another Kmart or Sears.
No, the cloud is not perfect
It’s no secret that healthcare as an industry has long been risk-averse about putting protected health information and medical data into the cloud.
While that is changing, hospitals undertaking digital transformation and patient experience initiatives should understand exactly what they’re getting into.
Mitchell Parker, executive director of information security and compliance at Indiana University Health, said the system does business with 1,300 vendors. While that includes all vendors, not just cloud services, it does highlight the scope of working with so many different puzzle pieces.
“The more you go to the cloud, the level of communication and coordination goes up significantly,” Parker said. “It’s not just one datacenter anymore, you’re dealing with the world.”
To that end, Bowden said hospitals should bring in “hard-core cloud animals,” and top tech talent with the chops and knowledge to bring in other people on the operations side.
“It takes building a new IT environment and a new culture,” Bowden explained. “The ‘infrastructure is code’ mentality is a different way of looking at how a lot of us have done our jobs for a while.”
That new culture Bowden referred to? It’s about kicking the mindset into high gear to build tech tools.
“Sentara IT — we’re now a software development company,” Bowden said. “That’s the way we think and operate every day.”
West recommended looking at AI and analytics to fortify infosec.
“Don’t look at the traditional way and say ‘how can I bring a perimeter into the cloud?’ Look at how you can do things differently,” West said. “What I’m trying to do is break the boundaries of traditional security to enable physicians to deliver care in a different environment.”
Focus on Cybersecurity
In October, we take a deep dive into security strategy and pressing threats.