Top security takeaways from the P&S Forum
From cybersecurity to HIPAA compliance, medical devices to BYOD, there was lots to learn this week as more than 300 healthcare professionals gathered in Boston to tackle the technology and workforce challenges to protecting patient data.
Be ready: Hackers are coming for your data
Cyber Czar Richard Clarke made it clear in his opening keynote: Healthcare can no longer afford to ignore the massive and pervasive threats to patient data.
One key to better security: Connect with clinical staff
"We have got to get out of our offices and out to the front lines," Fairview Health Services Chief Information Security Officer Barry Caplin told his fellow CISOs. "Feel their pain. If you haven't gone out to a nurse station or a front desk and seen the frustration, you can't possibly do your security job."
Medical device security? Focus on the basics
University of Michigan researcher Kevin Fu put it plainly: While terrorists hacking into pacemakers might make for good TV, the far more pressing danger to millions of vulnerable medical devices is a lax approach to software integrity.
To truly be secure, systems should be user-friendly
"Do people pick bad passwords because they're stupid? No," said University of Maryland researcher Jennifer Golbeck. "They pick bad passwords because their job is not picking passwords! Their job is whatever their job is. Should we be asking humans to pick passwords that, by their nature, are hard for people to remember?"
CISO is a role on the rise
"Depending how you look at it, we're about 1.5 million CISOs short in this country, across all industries," said CynergisTek CEO Mac McMillan. "Anyone in a CISO role is incredibly upwardly mobile, with a lot of opportunity. You're going to have trouble not only finding them, but maintaining them."
But few Millennials are aware of the opportunities for cybersecurity jobs
Statistics presented by Michael Kaiser of the National Cyber Security Alliance:
* 67 percent of men and 77 percent of women in the U.S. said no high school or secondary schoolteacher, guidance or career counselor ever mentioned the idea of a cyber security career.
* 61 percent are unaware or unsure of the typical range of responsibilities involved in a cyber career.
* 69 percent were not offered classes to pursue a career in cybersecurity.
(Slide courtesy of NCSA)
There's a lot of work left to do